Posted by: Nathan Simon
IT professional, Microsoft Windows, Networking, Security
“Wireshark is an award-winning network protocol analyzer developed by an international team of networking experts.”
One of the best network analysis tools out there, bar none; veterans will remember it as Ethereal.
Well, today I got a call from a client who has been having an issue where someone seemed to be connecting to her PC without her authorization. WinVNC is on the machine, and it is secured with a password. The VNC TCP port is open, and the Java port is also open on a slightly different port. Part of the solution is to lock it down, so I set VNC to prompt when someone connects to the PC. That worked: whoever was always connecting cannot connect anymore, although they still try, and she just denies the prompt. How would one go about finding the culprit? Well, I would say use Wireshark!
With Wireshark you can analyze a connection, in this case on a 3Com NIC. What Wireshark does is capture every packet that passes through that card, so if a person or machine tries to connect to her machine, we’ll know about it. The program will analyze the packets and use DNS to resolve IPs to names, which makes identification slightly easier. So let’s say someone inside the network is playing a joke on her… well, tomorrow when I have Wireshark running and logging all connections to and from her PC, whatever IP is trying to access her PC on either of the ports in this situation will be identified by IP and hostname.
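As an added example (not code from the original post), here is a small Python script that does the "identify the culprit" step offline: it reads a tshark field export of traffic to the VNC ports, counts bare SYNs per source host, and resolves names the way Wireshark's DNS resolution would. The tshark command, the port numbers 5900/5800, and the sample rows are all assumptions.

```python
# Added example (not from the original post): which hosts keep trying the VNC ports?
# Assumed tshark export (interface name is a placeholder; run on the probed PC):
#   tshark -i <iface> -f "tcp dst port 5900 or tcp dst port 5800" -T fields \
#     -E separator=, -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport \
#     -e tcp.flags.syn -e tcp.flags.ack > vnc_attempts.csv
# Ports 5900 (WinVNC TCP) and 5800 (Java port) are assumed VNC defaults; the post gives no numbers.
import socket
from collections import defaultdict

VNC_PORTS = {5900: "vnc", 5800: "vnc-java"}

# Constructed sample export (epoch,src,dst,dstport,syn,ack); 192.168.1.50 is the client's PC.
SAMPLE = """\
1700000000.10,192.168.1.23,192.168.1.50,5900,1,0
1700000000.11,192.168.1.50,192.168.1.23,5900,1,1
1700000005.00,192.168.1.23,192.168.1.50,5900,1,0
1700000030.00,192.168.1.77,192.168.1.50,5800,1,0
1700000031.00,192.168.1.23,192.168.1.50,80,1,0
"""

def _flag(value):
    # tshark prints booleans as 1/0 in older releases and True/False in newer ones
    return value.strip() in ("1", "True")

def connection_attempts(export, victim_ip):
    """Count inbound attempts per (source IP, VNC port): only a bare SYN sent to the
    victim counts, so the victim's own SYN/ACK replies and other ports are ignored."""
    counts, first_seen = defaultdict(int), {}
    for line in export.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, syn, ack = line.split(",")
        dport = int(dport)
        if dst != victim_ip or dport not in VNC_PORTS or not _flag(syn) or _flag(ack):
            continue
        counts[(src, dport)] += 1
        first_seen.setdefault((src, dport), float(ts))
    return {k: {"count": n, "first_seen": first_seen[k], "service": VNC_PORTS[k[1]]}
            for k, n in counts.items()}

def hostname(ip):
    """Reverse-DNS like Wireshark's name resolution; fall back to the bare IP."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return ip

if __name__ == "__main__":
    for (src, port), info in connection_attempts(SAMPLE, "192.168.1.50").items():
        print(f"{hostname(src)} ({src}) -> {info['service']}/{port}: {info['count']} attempts")
```

The same selection in the Wireshark GUI is the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0 && (tcp.dstport == 5900 || tcp.dstport == 5800)`, with name resolution enabled to get the hostnames.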
There are two revisions of Wireshark, or should I say two types: installable and portable.
You can download them from here. I myself like the portable one: you can keep it on a USB stick, and it installs WinPcap when in use and uninstalls it when you quit the app.
If anyone has ANY questions, please feel free to leave a comment! You can also check out the FAQ here.