Wireshark is a piece of software created for software reverse engineering. It gives you the power to intercept data of any kind being sent over the internet. To understand how it works, we need a basic understanding of how internet communication works. Most internet communication systems allow you to send files to another person. When you do this, you send them a "data packet". The data packet is encrypted before it leaves your computer, and once it reaches the other end it is decrypted and delivered to the intended recipient.
The data packet is composed of a purpose code, which is part of the encryption process, and an identification code, which is part of the decryption process. Both of these parts are called headers. In order to send the packet, you will need to send a header, known as a "chunk", which is basically a series of pieces of information. For example, if you are trying to send a file named foo.txt to someone, the first line of the file would be a header, like so:
In this header, you will find information such as the name of the file, the type of file, its length, a raw file address, a pointer to the program and so on. Once you have this header, you will be able to decipher the rest of the data by reading it at a rate of a thousand lines per second. Wireshark is a tool that uses the data gathered from this packet sniffing to decode and understand the information. There are two basic types of packet sniffing, protocol sniffing and TCP/IP sniffing. These are also known as "stealth" and "traceroute" respectively. Wireshark can be downloaded from many websites for free. Wireshark is a great piece of software to use when you are doing your internet surveillance.
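As an added illustration of the header decoding described above (example code written for this page, not part of the original article or of Wireshark itself), the following Python dissector reads the fixed-size IPv4 and TCP header fields out of a constructed packet, verifies the IPv4 checksum, and hands the remaining bytes to the next layer, which is the basic job a Wireshark protocol dissector performs. The sample packet bytes are constructed for the example, not taken from a real capture.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample (not a real capture): TCP SYN 192.168.1.10:51514 -> 10.0.0.5:443, no payload.
SAMPLE_PACKET = bytes.fromhex(
    "4500 0028 1c46 4000 4006 52d3 c0a8 010a 0a00 0005"  # IPv4 header (20 bytes, checksum precomputed)
    "c93a 01bb 1f2e 3d4c 0000 0000 5002 ffff 0000 0000"  # TCP header (20 bytes)
)
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5 of the flags field

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791); returns 0 when the header's checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def dissect_ipv4(packet: bytes) -> dict:
    """Decode the fixed IPv4 header fields the way a protocol dissector does."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = fields
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes; any options sit between byte 20 and ihl
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    return {"version": 4, "header_len": ihl, "total_len": total_len, "id": ident,
            "dont_fragment": bool(flags_frag & 0x4000), "ttl": ttl, "protocol": proto,
            "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "payload": packet[ihl:total_len]}  # bytes handed to the next-layer dissector

def dissect_tcp(segment: bytes) -> dict:
    """Decode the fixed TCP header; data offset is the top nibble of word 6, flags the low bits."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    flags = [name for bit, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << bit)]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": data_offset, "flags": flags, "window": window,
            "payload": segment[data_offset:]}

def dissect(packet: bytes) -> dict:
    """Walk the layers: IPv4 first, then TCP when the IP protocol number says so."""
    ip = dissect_ipv4(packet)
    layers = {"ip": ip}
    if ip["protocol"] == 6:  # IANA protocol number for TCP
        layers["tcp"] = dissect_tcp(ip["payload"])
    return layers
```

Calling `dissect(SAMPLE_PACKET)` returns the decoded IPv4 and TCP fields as nested dictionaries, which is the same field-by-field breakdown Wireshark shows in its packet details pane.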