As seen in the previous example, you can filter the ports with:.You can also filter the source or destination IP addresses with:.Filter the IP address (to analyze only one device on your network):.Reading these filters is quite intuitive, but instead of trying random formulas, here are some of the most useful ones: It’s exactly what you think, it will display only the packets using the port 80 (HTTP traffic in general). That’s why Wireshark includes a field near the top of the screen, where you can enter a formula to only show the packets that are potentially interesting for you (or exclude them). Devices talk quite a lot on our networks, and it might be overwhelming to see all of these packets. How to master Kali Linux like a pro hackerīut the main issue when you are looking for something specific on Wireshark, is to filter the packets list (the first table). So, I won’t give you more details here, but you can check the official documentation to learn more about it. Packet analysis with Wireshark could be a dedicated article, or even a full book on its own. I’ll show you how to filter this list in the next section. For example, if you are looking for suspect HTTP activity from a specific IP address, you can skip everything unrelated (like DNS requests and other IP addresses). It will help you to select the ones you are interested in. On the first part, you’ll see the macro information, like source, destination and protocol. Packet bytes: the exact packet content, with bytes and hexadecimal format (less useful for us ^^).Packet details: when you select one packet, you can see its content, in a more or less readable text format.Where you can see all captured packets, and use the display filters to only show those that interest you. Packets analysisĪfter doing a capture of the network traffic, you can then analyze its content. It will keep capturing the network traffic until you press the stop button (the red one in the top bar). If everything is working properly, the window will start to be filled with a table refreshing constantly:Įach line is a packet detected by Wireshark.You can also double-click on the interface name on the home page, use the capture menu, or just press CTRL+E. ![]() Click on the first icon in the top bar.In general, it will be “eth0” if your computer is plugged via Ethernet, or “wlan0” if you are using a Wi-Fi connection. ![]() Select the interface you want to capture in the list.This will be pretty useful for the analysis part I’ll introduce later (and it’s also used by hackers and pen-testers).Īnyway, here is how to start a capture with Wireshark: ![]() If your computer is just one element of your network, it will mostly be your own network usage, and a few talks between your device and the other ones.īut when your device is an important node of this network (DNS server, gateway, etc.), it will record almost anything happening on the network. Basically, the idea is to listen what’s happening on one of your network interfaces. The main feature that you’ll use frequently with Wireshark is the capture. I won’t explain everything in this article, but I absolutely want to explain how to capture the network traffic and analyzer the results, so let’s get right to it. And you have the full menu for all the ninja features included in this tool. You also need to pick a network interface to listen to (in general, it will be eth0). You’ll find the main actions in the shortcut bar at the top of the screen. You'll enjoy receiving the recent articles directly in your inbox every week! Stay tuned with the latest security news!
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |