Cybersecurity for Beginners: How to use Wireshark

June 25, 2024


Have you ever wondered what kind of information is being exchanged between your computer and the internet? What applications are reaching out and what data is being sent? Perhaps you're connecting to things you're unaware of, or maybe you've been hacked and your computer is connecting to attackers. To answer these questions, you can use a tool called Wireshark. This tool gives you an inside view of what's happening on your network. If you're not used to looking at packets, it can seem intimidating, but I'll make it simple for you.

Getting Started with Wireshark

When you open Wireshark for the first time after installation, it will show you a list of all the different network interfaces on your computer and ask you which one you want to capture. For example, if you're connected via Ethernet, select the Ethernet interface; if you're using Wi-Fi, select that instead.

Once you've selected the appropriate interface, you'll see a flood of information. This is because your computer constantly sends and receives information, much of it from background applications. To make sense of this, let's perform a simple task: a Google search.

Using Wireshark

Open your browser and do a Google search for "Wireshark." As you search, switch back to Wireshark, and you'll see a lot of data. Among this data, you'll find packets linked to Google. A packet is like a data package sent over the internet.

On the left, you can see descriptions of the packets, including the amount of data they contain. Data transmission is defined by protocols. For example, DNS (Domain Name System) requests help your computer find the address of a server based on its name.

To simplify the view in Wireshark, you can use display filters. For example, type "dns" (lowercase) in the display filter bar at the top of the window, and you'll see only DNS packets. This makes it easier to read the names of the different websites your computer is trying to reach.

Practical Examples

Let's say you visit your favorite website, "example.com." In Wireshark, you will see "example.com" and possibly other domains like "youtube.com" if there are embedded YouTube videos on the site. This indicates that your computer is connecting to YouTube to fetch the video content.

Similarly, visiting a site like "cnn.com" will show connections to various subdomains and third-party services like advertising networks. This demonstrates how websites track and connect you to other services.
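
What the DNS filter is reading out of each packet, shown as an added example that is not part of the original post: this Python code decodes the queried name from raw DNS query payloads and tallies how often each name was requested. The sample packets are constructed in the code, and the function names (build_query, parse_query_name, summarize) are hypothetical; in Wireshark the same value is shown as the dns.qry.name field.

```python
import struct
from collections import Counter

def build_query(name, txid=0x1234):
    """Constructed sample data: a minimal DNS query for an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_query_name(payload):
    """Return the queried name from a DNS payload, or None if it is not a usable query."""
    if len(payload) < 12:                      # fixed DNS header is 12 bytes
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:          # QR bit set means this is a response
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):                # ran off the end: truncated packet
            return None
        length = payload[pos]
        pos += 1
        if length == 0:                        # zero-length label ends the name
            break
        if length & 0xC0 or pos + length > len(payload):
            return None                        # pointer/reserved bits or truncated label
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels).lower()            # DNS names are case-insensitive

def summarize(payloads):
    """Count how often each name was queried, skipping anything unparseable."""
    names = (parse_query_name(p) for p in payloads)
    return Counter(n for n in names if n)

# Constructed sample: three queries, one response, one truncated packet.
response = bytearray(build_query("cnn.com"))
response[2] |= 0x80                            # set the QR bit to mark it as a response
SAMPLE = [
    build_query("example.com"),
    build_query("www.youtube.com"),
    build_query("Example.COM"),
    bytes(response),
    build_query("example.com")[:15],
]

if __name__ == "__main__":
    for name, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {name}")
```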

Investigating Background Activities

Wireshark can also help you understand what's happening in the background on your computer. Keep Wireshark running and observe the traffic. If you search for specific strings like "Discord" or "Microsoft," you'll see connections to their servers if those applications are running.

Conclusion

Wireshark is a powerful tool for investigating network activity. Whether you're curious about what your computer is doing or you want to ensure it's not connecting to malicious sites, Wireshark provides valuable insights.

Try using Wireshark and see what connections your computer is making. It's available for Windows, Mac, and Linux. Share your findings in the comments and let us know if you discovered anything surprising.

Thanks and Acknowledgements

A big thank you to Malwarebytes for sponsoring this video. Their latest version of Malwarebytes Premium offers real-time protection, ransomware protection, and more. It even includes a VPN to hide your browsing activity. Check it out via the link in the description and get a free trial.
