When your computer is constantly connected to the Internet or to a network, it is vulnerable to attacks and malware infections. In addition to using a powerful and updated antivirus solution, you can also use a network analysis tool to identify the malicious packets and block them. Such an application is Wireshark and it comes with no price tag.
When deploying Wireshark on your computer, you have the possibility to choose the plugins and extensions you want to install, such as the Dissector plugin, Tree Statistics, SNMP MIBs or the Meta Analysis and Tracing Engine.
Since these utilities are meant to provide a wider range of information about your network traffic and they can be easily disabled, it is advisable to install them as well. The same advice applies to the additional tools included in the setup and to the recommended file associations for the trace files found on your PC.
The final step before finalizing the initial configuration is for the setup to check whether you have WinPcap installed on your computer, and to install it if it is missing.If you are using several network cards, Wireshark allows you to choose the one you want to use for capturing the network traffic. Once the capture has begun, you can monitor all the connections and their corresponding details – you also get the chance to create filters so as to track only certain types of connections.
Another way to make sure you correctly monitor the type of packets you want is to apply color schemes for each type of connection, so that the most important ones are the most visible. If you are not satisfied with the color templates provided by Wireshark, you can create your own custom one, by specifying the shade you prefer and the string to be monitored.
Wireshark also comes with a Statistics function that can be used to generate reports to be analyzed at a later time. Depending on your necessities, you can choose to view the details of the protocol hierarchy, endpoint, packet lengths or the IO graph.
Overall, Wireshark can come in handy to all those who want to be in control of their network connections and limit them whenever needed. However, it does take an expert to use the app to its full potential.
What's New in This Release:
Bug Fixes:
· The following vulnerabilities have been fixed.
· wnpa-sec-2012-13
· The DCP ETSI dissector could trigger a zero division. Reported by Laurent Butti. (Bug 7566)
· Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
· CVE-2012-4285
· wnpa-sec-2012-14
· The MongoDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7572)
· Versions affected: 1.8.0 to 1.8.1.
· CVE-2012-4287
· wnpa-sec-2012-15
· The XTP dissector could go into an infinite loop. Reported by Ben Schmidt. (Bug 7571)
· Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
· CVE-2012-4288
· wnpa-sec-2012-16
· The ERF dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7563)
· Versions affected: 1.8.0 to 1.8.1.
· CVE-2012-4294 CVE-2012-4295
· wnpa-sec-2012-17
· The AFP dissector could go into a large loop. Reported by Stefan Cornelius. (Bug 7603)
· Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
· CVE-2012-4289
· wnpa-sec-2012-18
· The RTPS2 dissector could overflow a buffer. Rep...