Wireshark (Network Security)

My favorite tool lately has been Wireshark. Out of curiosity, I decided to compare Wireshark with Microsoft Message Analyzer.
Microsoft Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic, events, and other system or application messages in network troubleshooting and other diagnostic scenarios. Message Analyzer also enables you to load, aggregate, and analyze data from log and saved trace files. It is the successor to Microsoft Network Monitor 3.4 and is a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft to improve protocol design, development, implementation testing and verification, documentation, and support (technet.microsoft.com, 2017).
Some highlights from my findings are:
Microsoft Message Analyzer
  • Microsoft Message Analyzer not only captures traffic and can read captures, but it also analyzes information from Windows event logs, .log files, PowerShell, SQL, and Azure
  • Captured “messages” are the packets or frames
  • There is an easy to read GUI
  • Can capture from a remote computer or from multiple machines at the same time
  • Ability to decrypt all the data if you import a new SSL Certificate or by capturing at Windows firewall level or at application level before being encrypted by HTTPS
  • Can open panels of information side by side to have a better understanding of the system
(techgenix.com, 2017).
Wireshark
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
(Wireshark.org, 2017).
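As an added example (not from the post, and not code from Wireshark or Message Analyzer), here is a small parser for the tcpdump/libpcap capture format that both tools read, handling the little-/big-endian and microsecond/nanosecond magic variants and decompressing gzip-compressed files on the fly as the feature list above says Wireshark does. The magic values follow the public libpcap file-format description; build_pcap and the ARP frame exist only to construct sample input.

```python
import gzip
import struct
# libpcap magic as read little-endian from the first 4 bytes -> (struct byte order, timestamp ticks per second);
# values assumed from the public libpcap file-format description, not taken from either tool's code.
MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),      # big-endian, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian, nanosecond timestamps
}
def parse_pcap(data: bytes):
    """Return (linktype, [(timestamp, frame_bytes), ...]) from a libpcap capture, gzip-compressed or not."""
    if data[:2] == b"\x1f\x8b":              # gzip magic: decompress on the fly, as Wireshark does
        data = gzip.decompress(data)
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError(f"not a libpcap file (magic {magic:#010x})")
    endian, ticks = MAGICS[magic]
    _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    packets, offset = [], 24
    while offset + 16 <= len(data):         # each record: 16-byte header, then incl_len bytes of frame
        sec, frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if incl_len > snaplen or offset + incl_len > len(data):
            raise ValueError("truncated or corrupt record")   # fail closed instead of reading past the end
        packets.append((sec + frac / ticks, data[offset:offset + incl_len]))
        offset += incl_len
    return linktype, packets

def ethernet_summary(frame: bytes):
    """Return (dst_mac, src_mac, ethertype) of a DLT_EN10MB (linktype 1) frame."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    mac = lambda m: ":".join(f"{b:02x}" for b in m)
    return mac(dst), mac(src), etype

def build_pcap(packets, linktype=1, nanosecond=False, big_endian=False, compress=False):
    """Write a libpcap file from [(timestamp, frame_bytes), ...]; used here only to construct sample input."""
    endian = ">" if big_endian else "<"
    ticks = 1_000_000_000 if nanosecond else 1_000_000
    out = struct.pack(endian + "IHHiIII", 0xA1B23C4D if nanosecond else 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts, frame in packets:
        sec = int(ts)
        out += struct.pack(endian + "IIII", sec, round((ts - sec) * ticks), len(frame), len(frame)) + frame
    return gzip.compress(out) if compress else out

if __name__ == "__main__":
    # Constructed sample: one broadcast ARP frame (EtherType 0x0806) in a big-endian, gzip-compressed capture.
    arp = bytes.fromhex("ffffffffffff 001122334455 0806") + b"\x00" * 28
    linktype, frames = parse_pcap(build_pcap([(1507766400.5, arp)], big_endian=True, compress=True))
    print(linktype, [(ts, ethernet_summary(f)) for ts, f in frames])
```

Feeding the same capture to tshark or Message Analyzer should show the same single ARP frame, which makes this a handy cross-check when a capture opens in one tool but not the other.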
Wireshark has been around for a long time and is well known in the industry. any system. Microsoft Message Analyzer seems to be an overall good tool to have and add to the mix. Maybe not the only one, but a good one to use in addition to the others.
Techgenix.com. (2017). Microsoft Message Analyzer 1.4: What’s new?. [online] Available at: http://techgenix.com/microsoft-message-analyzer-1-4/ [Accessed 12 Oct. 2017].
Technet.microsoft.com. (2017). Microsoft Message Analyzer Operating Guide. [online] Available at: https://technet.microsoft.com/en-us/library/jj649776.aspx [Accessed 12 Oct. 2017].
Wireshark.org. (2017). Wireshark · About. [online] Available at: https://www.wireshark.org/about.html [Accessed 12 Oct. 2017].
