Listen to this Post
You Should Know:
Packet capture is a fundamental skill for network analysts, and Wireshark is one of the most popular tools for this purpose. Below are some practical steps, commands, and codes to help you get started with packet capture and analysis using Wireshark.
1. Installing Wireshark
- Linux (Debian/Ubuntu):
sudo apt update sudo apt install wireshark
- Windows:
Download the installer from the official Wireshark website: https://www.wireshark.org/download.html
2. Starting a Packet Capture
- Linux:
sudo wireshark
Select the network interface you want to monitor and click “Start.”
- Windows:
Open Wireshark, select the interface, and click the shark fin icon to start capturing.
3. Filtering Packets
- Use display filters to narrow down traffic:
- Filter HTTP traffic: `http`
– Filter DNS traffic: `dns`
– Filter by IP address: `ip.addr == 192.168.1.1`
4. Saving Captures
- Save your captured packets for later analysis:
- Go to `File > Save As` and choose your desired format (e.g.,
.pcap).
5. Analyzing Packets
- Right-click on a packet and select “Follow TCP Stream” to view the entire conversation.
- Use the “Statistics” menu to analyze protocol hierarchies, conversations, and endpoints.
6. Command-Line Packet Capture with `tcpdump`
- Capture packets on a specific interface:
sudo tcpdump -i eth0 -w capture.pcap
- Capture only HTTP traffic:
sudo tcpdump -i eth0 port 80 -w http_capture.pcap
7. Analyzing Captures with `tshark`
- Read a saved capture file:
tshark -r capture.pcap
- Filter HTTP requests:
tshark -r capture.pcap -Y "http.request"
8. Automating Captures with Cron (Linux)
- Schedule a daily packet capture:
crontab -e
Add the following line to capture packets every day at 2 AM:
0 2 * * * /usr/sbin/tcpdump -i eth0 -w /path/to/daily_capture.pcap -G 3600 -W 24
9. Monitoring Network Traffic
- Use `iftop` to monitor real-time network traffic:
sudo apt install iftop sudo iftop -i eth0
10. Troubleshooting Network Issues
- Check for dropped packets:
netstat -s | grep dropped
- Analyze network latency:
ping google.com
What Undercode Say:
Packet capture and analysis are essential skills for cybersecurity professionals, network administrators, and IT enthusiasts. Tools like Wireshark, tcpdump, and tshark provide powerful capabilities to monitor, analyze, and troubleshoot network traffic. By mastering these tools and commands, you can gain deeper insights into network behavior, detect anomalies, and improve security. For more advanced techniques, consider exploring Wireshark’s official documentation and online courses.
Reference:
- Wireshark Official Website: https://www.wireshark.org
- YouTube Video: EASY Packet Capture – Low cost!!
References:
Reported By: Cgreer Easy – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
