Wireshark

From Hackepedia
Revision as of 19:01, 21 October 2007 by Franks (talk | contribs)

Wireshark used to be called Ethereal. It is the most popular GUI packet sniffer.

Starting it on UBOs

Remember you need to be root to run wireshark because you will be putting your network card into promiscuous mode. If you're starting it from a terminal, you probably want to run:

# su -p -c wireshark

assuming wireshark is in root's $PATH; if it is not, give the full path instead.

Using it

Once in wireshark, go to

Capture -> Interfaces

and choose the interface you want to capture on. Then just hit "stop" when you want to stop sniffing. You will now see a list of the packets you have captured.

Fun things to do with your captured packets:

Right-click on one of the TCP packets and look for the option "Follow TCP stream". You will notice, when you close the Follow TCP stream window, that the filter text box that was empty now contains a filter. You can clear this filter to start over with all of your captured packets, or fine-tune the filter to find exactly what you are looking for.

If there isn't a lot of traffic on your interface, try going to a webpage in your browser while you are capturing. Now when you view the TCP stream of your HTTP request, you will see what happens behind the scenes with your browser.
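As an added example (not code from the original page), this Python script shows what Wireshark does when it follows a TCP stream: it picks the segments of one connection out of the capture, orders each direction by sequence number, drops retransmitted or overlapping bytes, and marks any gap. The segments are constructed in memory to stand in for a captured HTTP request and response; the addresses are made up.

```python
# Constructed segments: (src, dst, seq, payload). They stand in for a capture of
# one HTTP request/response and include an exact retransmission and a partially
# overlapping one, which is why reassembly keys on sequence numbers, not arrival order.
SEGMENTS = [
    ("10.0.0.5:40000", "192.0.2.10:80", 1000, b"GET / HTTP/1.1\r\nHost: ex"),
    ("192.0.2.10:80", "10.0.0.5:40000", 5000, b"HTTP/1.1 200 OK\r\n"),
    ("10.0.0.5:40000", "192.0.2.10:80", 1000, b"GET / HTTP/1.1\r\nHost: ex"),  # exact retransmit
    ("10.0.0.5:40000", "192.0.2.10:80", 1024, b"ample.com\r\n\r\n"),
    ("192.0.2.10:80", "10.0.0.5:40000", 5010, b"00 OK\r\nContent-Length: 5\r\n\r\nhello"),  # overlap
    ("192.0.2.10:80", "10.0.0.5:40000", 5017, b"Content-Length: 5\r\n\r\nhello"),
    ("10.0.0.7:51000", "192.0.2.10:80", 1, b"unrelated connection"),
]


def follow_tcp_stream(segments, client, server):
    """Return (client_to_server, server_to_client) byte strings for the
    connection between `client` and `server`, the way Wireshark's
    "Follow TCP stream" presents it. Other connections are ignored."""
    by_direction = {(client, server): {}, (server, client): {}}
    for src, dst, seq, payload in segments:
        if (src, dst) not in by_direction or not payload:
            continue
        by_direction[(src, dst)].setdefault(seq, payload)  # first copy of a seq wins

    streams = []
    for key in ((client, server), (server, client)):
        data = bytearray()
        expected = None  # next sequence number we expect to see
        for seq in sorted(by_direction[key]):
            payload = by_direction[key][seq]
            end = seq + len(payload)
            if expected is not None:
                if end <= expected:
                    continue  # entirely already delivered (retransmission)
                if seq < expected:
                    payload = payload[expected - seq:]  # keep only the new tail
                elif seq > expected:
                    # A segment is missing from the capture; say so instead of
                    # silently gluing the remaining bytes together.
                    data += b"[missing %d bytes]" % (seq - expected)
            data += payload
            expected = end
        streams.append(bytes(data))
    return tuple(streams)


if __name__ == "__main__":
    request, response = follow_tcp_stream(SEGMENTS, "10.0.0.5:40000", "192.0.2.10:80")
    print(request.decode(), response.decode(), sep="\n")
```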