Take advantage of the fact that it's legal in every country to profile protocols and products.
Wireshark is a packet analysis tool. It allows you to capture packets and analyze them live, or load captures from another session. You can also use its very handy filter functions to look for specific packets - based on destination, target, type, time, payload, etc.
Wireshark has a nice GUI and can show you some amazing things about network traffic. However, Wireshark is also memory-intensive, and is pretty slow on Mac. It's worth it.
Capturing packets on a network is useful for troubleshooting, but it is also useful for seeing what the network normally looks like.
Take a Capture
Open up Wireshark, pick your network interface, and click the green fin to start the capture.
You can control many of wireshark's capture options, one nice feature is outputting the capture file in size increments or time increments. As networks get busier, these cap files get pretty large. This is a nice feature to have.
You can also load multiple capture files simultaneously.
Filtering Captures: Syntax
To filter out packets at the wireless card level to reduce the CPU load during a capture, you can use packet filters with the Berkeley packet filter (BPF) syntax.
The BPF syntax consists of primitives and operators.
Primitives consist of qualifiers and an ID.
Hree's an example that would only look for packets to a certain host and port (port 80 is HTTP traffic):
dst host 192.168.0.10 && tcp port 80
The syntax consists of primitives and operators.
A primitive is something like
dst host 192.168.0.10 or
tcp port 80.
An operator is something like
The primitive itself consists of qualifiers and IDs.
dst host 192.168.0.10 has the qualifiers
host and the ID
If your wireless card and CPU can handle a large amount of traffic, It is usually better to capture everything and use display filters to show different packets, instead of applying capture filters on the capture level. Capture filters are better if you're targeting your capture at a specific range of devices, a specific channel, or particular protocols.
Use filter expression dialogue to create packet display filters.
Operators and Filter Expressions
You can use several comparison operators and logical operators when constructing the display filter.
- equal to
- not equal to
- greater than
- less than
- greater than or equal to
- less than or equal to
Advanced Wireshark Stuff: Wireshark/Advanced
Wireshark can be used to analyze network traffic in detail: Wireshark/Traffic Analysis
Wireshark can be used to sniff HTTPS traffic: Wireshark/HTTPS
Wiresharka Swiss-army knife for analyzing networks, network traffic, and pcap files.
Working with SSL/TLS/HTTPS:
Flags · Template:WiresharkFlag · e
Networkingpages and notes about computer networks.
Man in the Middle attack vectors on wired networks: Man in the Middle/Wired
Packet analysis with Wireshark: Packet Analysis
Linux networking: Linux/Networking
Using Aircrack: Aircrack
Many Ways to Crack a Wifi: Cracking Wifi
Notes on OpenVPN: OpenVPN
Setting Up a Static Key VPN: OpenVPN/Static Key
IP Version 6: IPv6
Flags · Template:NetworkingFlag · e
Kali Linux"The quieter you become, the more you are able to hear."
Penetration testing Linux distribution.
1 Physical Attacks: Kali/Layer 1 Attacks
2 Data/MAC Attacks: Kali/Layer 2 Attacks
3 Network Attacks: Kali/Layer 3 Attacks
4 Transport Attacks: Kali/Layer 4 Attacks
5 Session Attacks: Kali/Layer 5 Attacks
6 Presentation Attacks: Kali/Layer 6 Attacks
7 Application Attacks: Kali/Layer 7 Attacks
Kali on Raspberry Pi:
Flags · Template:KaliFlag · e