CompTIA CySA+ CS0-003: Wireshark and Tcpdump

A network packet is the basic unit of data transferred across a network.  Larger messages are split into packets for transmission, and when the packets arrive at their destination they are reassembled into their original form.  Packets can be captured with data capture tools such as Wireshark and tcpdump.

Packet capturing records the packets seen on a given interface or port so that they can be analyzed.  Capture tools can filter and analyze traffic by numerous variables, such as protocol, port, source, and destination.  These are network-focused tools rather than host-based ones, so they are well suited to identifying network performance issues.  Tcpdump and Wireshark help identify and troubleshoot specific network problems, and they can help surface potential security issues as well, because they let network managers capture data packets directly from the network.

The difference between the two is that Wireshark has a graphical user interface while tcpdump does not; tcpdump is a command-line tool.  Both collect and record packet data and save it as .pcap files.  While both tools are good, Wireshark is more user-friendly and more powerful: it is more extensible in protocol and packet analysis, and it can decrypt captured traffic as long as you have the key.  For simple tasks, however, tcpdump is much more efficient.
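To make the .pcap format and the protocol/host/port filtering described above concrete, here is an added example (not code from the original page, and not part of Wireshark or tcpdump): a small Python script that builds a constructed capture in memory in the libpcap format both tools write, parses the file header and per-packet records, decodes the Ethernet, IPv4 and TCP/UDP headers, and applies a tcpdump-style filter such as "tcp and host 10.0.0.5 and port 22". The MAC addresses, IP addresses, ports and timestamps are constructed sample values, and checksums are left zeroed because nothing here validates them.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # little-endian libpcap magic with microsecond timestamps
LINKTYPE_ETHERNET = 1        # DLT_EN10MB
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Build an Ethernet II + IPv4 + TCP/UDP frame (constructed data, checksums zeroed)."""
    eth = b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    if proto == 6:   # TCP: 20-byte header, SYN flag set, data offset 5 words
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + l4 + payload


def build_pcap(frames):
    """Serialize raw frames as a libpcap file: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, captured length, original length (constructed timestamps)
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def sample_capture():
    """Constructed capture: a TLS SYN, a DNS query and an inbound SSH SYN (sample addresses)."""
    return build_pcap([
        build_frame("10.0.0.5", "198.51.100.10", 6, 51000, 443),
        build_frame("10.0.0.5", "10.0.0.53", 17, 5353, 53, b"\x00" * 12),
        build_frame("10.0.0.7", "10.0.0.5", 6, 4444, 22),
    ])


def parse_frame(frame, ts_sec):
    """Decode the fields an analyst filters on: ethertype, IPs, IP protocol, L4 ports."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    info = {"ts": ts_sec, "ethertype": ethertype}
    if ethertype != 0x0800 or len(frame) < 34:
        return info                      # not IPv4 (ARP, IPv6, ...): report ethertype only
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes (options included)
    proto = frame[23]
    info.update(src=".".join(map(str, frame[26:30])),
                dst=".".join(map(str, frame[30:34])), proto=proto)
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        info["sport"], info["dport"] = struct.unpack_from("!HH", frame, l4)
    return info


def parse_pcap(data):
    """Parse libpcap bytes into a list of per-packet dicts; stops cleanly on a truncated record."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file (pcapng / swapped magic not handled)")
    linktype = struct.unpack_from("<IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is decoded here")
    off, packets = 24, []
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            break                        # capture cut off mid-packet; do not misparse the tail
        packets.append(parse_frame(data[off:off + incl_len], ts_sec))
        off += incl_len
    return packets


def filter_packets(packets, proto=None, host=None, port=None):
    """Apply a BPF-like filter: 'tcp', 'host A.B.C.D', 'port N', combined with AND."""
    def keep(p):
        if proto and PROTO_NAMES.get(p.get("proto")) != proto:
            return False
        if host and host not in (p.get("src"), p.get("dst")):
            return False
        if port and port not in (p.get("sport"), p.get("dport")):
            return False
        return True
    return [p for p in packets if keep(p)]


if __name__ == "__main__":
    pkts = parse_pcap(sample_capture())
    # tcpdump-style one-line summary of everything matching "tcp and host 10.0.0.5"
    for p in filter_packets(pkts, proto="tcp", host="10.0.0.5"):
        print(f"{p['ts']} {PROTO_NAMES[p['proto']]} "
              f"{p['src']}.{p['sport']} > {p['dst']}.{p['dport']}")
```

The filter shows why capture filtering matters for an analyst: the same three-packet capture answers "what talked to port 22?" or "what did 10.0.0.53 see?" without re-reading every byte, which is what a tcpdump expression or a Wireshark display filter does at a larger scale. The parser only handles the classic little-endian libpcap layout with Ethernet framing; real captures may also be pcapng or use other link types.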