By Ryan Russell
Completing my recent series on monitoring file-system and Registry activity, I’d like to add what you need to know about packet capturing.
To monitor a program’s activity for troubleshooting purposes, you really need to record its file, Registry, and network activity — and today, I’ll help you understand my favorite packet-capture tool.
How to capture packets with the big fish
I most recently described two other utilities: Process Explorer on Jan. 3 and Process Monitor on Mar. 6. I continue my tool series this week with Wireshark, a packet-capturing tool.
If you’d like to follow along, please download the latest version of the program from the Wireshark Web site. There’s a prominent “Get Wireshark Now” button that offers you the latest Windows version. There are versions for most other major operating systems, too.
People commonly call tools like Wireshark “sniffers.” This generic term, however, shouldn’t be confused with Sniffer, a trademark for a commercial application that performs similar functions.
To install Wireshark, download and run the latest Windows installer. The defaults shown in the install routine should all be fine. When prompted, install WinPcap but not the NPF service that comes with it.