{"id":271,"date":"2022-07-08T02:59:34","date_gmt":"2022-07-08T07:59:34","guid":{"rendered":"https:\/\/chrisrgaunt.com\/?p=271"},"modified":"2025-02-23T23:05:11","modified_gmt":"2025-02-24T05:05:11","slug":"kali-linux-setup","status":"publish","type":"post","link":"https:\/\/chrisrgaunt.com\/?p=271","title":{"rendered":"Wireshark"},"content":{"rendered":"\n<p> <strong>What is Wireshark?<\/strong><\/p>\n\n\n\n<p>Wireshark is a powerful, open-source network protocol analyzer used for capturing and analyzing network traffic in real time. It&#8217;s a <strong>packet sniffer<\/strong>, meaning it intercepts and logs network packets passing through a network interface, which is crucial for troubleshooting, security analysis, and learning about how networks work.<\/p>\n\n\n\n<p><strong>Key Features of Wireshark:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Packet Capture<\/strong>: Wireshark can capture and display data packets moving through a network, providing a detailed breakdown of the data, including headers, payloads, and protocol-specific information.<\/li>\n\n\n\n<li><strong>Network Traffic Analysis<\/strong>: With Wireshark, you can analyze traffic from Ethernet, Wi-Fi, Bluetooth, and more. 
It helps network administrators, security professionals, and anyone interested in learning more about networks.<\/li>\n\n\n\n<li><strong>Offline Analysis<\/strong>: Captured packets can be saved and analyzed later, which is useful for deep analysis and troubleshooting.<\/li>\n\n\n\n<li><strong>Protocol Decoding<\/strong>: It supports hundreds of different network protocols, from simple ones like HTTP to more complex protocols like SIP or DNS.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How to Set Up Wireshark<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Download and Install Wireshark:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Go to <a href=\"https:\/\/www.wireshark.org\/download.html\" target=\"_blank\" rel=\"noopener\" title=\"\">Wireshark\u2019s official download page<\/a>.<\/li>\n\n\n\n<li>Download the version compatible with your operating system (Windows, macOS, or Linux).<\/li>\n\n\n\n<li>Run the installer and follow the on-screen instructions. On Windows, ensure you install <strong>Npcap<\/strong> (which is required for packet capture).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Configure Wireshark:<\/strong>\n<ul class=\"wp-block-list\">\n<li>After installation, launch Wireshark.<\/li>\n\n\n\n<li><strong>Set up your capture interfaces<\/strong>: You\u2019ll see a list of available network interfaces on your computer (e.g., Ethernet, Wi-Fi). Choose the interface you want to capture traffic from (typically, the one that is connected to the network).<\/li>\n\n\n\n<li>Ensure your network adapter is properly configured and that Wireshark has permission to capture packets from it.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Run Wireshark with Administrator Privileges (if needed):<\/strong>\n<ul class=\"wp-block-list\">\n<li>On some systems, Wireshark requires administrator privileges to capture traffic. 
You can run it as an administrator by right-clicking on the Wireshark icon and selecting &#8220;Run as administrator.&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How to Use Wireshark<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Start Capturing Traffic:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Select the network interface (Ethernet, Wi-Fi, etc.) that you want to capture packets from.<\/li>\n\n\n\n<li>Click the <strong>shark fin icon<\/strong> (Capture) at the top left to start capturing packets.<\/li>\n\n\n\n<li>As traffic passes through the network interface, Wireshark will begin displaying packets in real time.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Filter Traffic:<\/strong>\n<ul class=\"wp-block-list\">\n<li>You can apply <strong>filters<\/strong> to focus on specific traffic types (e.g., HTTP, DNS, or TCP packets).<\/li>\n\n\n\n<li>A simple filter like <code>http<\/code> will show only HTTP traffic.<\/li>\n\n\n\n<li>For more advanced filtering, you can use expressions like <code>ip.addr == 192.168.1.1<\/code> to filter packets by IP address or <code>tcp.port == 80<\/code> to capture HTTP traffic specifically.<\/li>\n\n\n\n<li>Use <strong>display filters<\/strong> to narrow down the data to what you&#8217;re interested in. For example:\n<ul class=\"wp-block-list\">\n<li><code>ip.src == 192.168.1.10<\/code> (filter packets from a specific IP address)<\/li>\n\n\n\n<li><code>tcp.flags.syn == 1<\/code> (filter TCP SYN packets to analyze handshake)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Analyze Packets:<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Packet List<\/strong>: Each row represents a captured packet. Click on a packet to get more details.<\/li>\n\n\n\n<li><strong>Packet Details<\/strong>: The middle pane shows the decoded packet structure (e.g., Ethernet frame, IP header, TCP flags, etc.). 
You can expand sections for deeper analysis.<\/li>\n\n\n\n<li><strong>Packet Bytes<\/strong>: The lower pane shows the raw hexadecimal and ASCII representation of the packet.<\/li>\n\n\n\n<li>Look for anomalies, packet retransmissions, high latency, and unexpected behavior in the captured packets.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Save Capture Files:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Once you\u2019ve captured enough traffic, click <strong>File &gt; Save As<\/strong> to store the packet capture.<\/li>\n\n\n\n<li>You can save your captures in various formats, but the default <strong>.pcap<\/strong> file format is most commonly used for Wireshark captures.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Stop Capturing Traffic:<\/strong>\n<ul class=\"wp-block-list\">\n<li>When you\u2019re done, click the red <strong>stop button<\/strong> at the top to stop the capture.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Example Use Cases for Wireshark<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Troubleshooting Network Issues:<\/strong>\n<ul class=\"wp-block-list\">\n<li>You can use Wireshark to troubleshoot network latency, dropped packets, or general network issues. 
For example, by filtering for <strong>TCP retransmissions<\/strong>, you can identify potential issues with network reliability.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Analyzing Security Events:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Wireshark helps in investigating security incidents by looking for malicious traffic, unauthorized access attempts, or unusual packet patterns.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Learning Protocols:<\/strong>\n<ul class=\"wp-block-list\">\n<li>By examining various protocols (e.g., HTTP, DNS, TCP\/IP), you can better understand how networks work and how data is transferred.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Malware and Intrusion Detection:<\/strong>\n<ul class=\"wp-block-list\">\n<li>You can use Wireshark to monitor traffic for signs of malware (e.g., unusual outbound traffic or suspicious DNS queries).<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Learning Resource: Video Tutorial<\/strong><\/h3>\n\n\n\n<p>Here&#8217;s a great <strong>video tutorial<\/strong> that helped me when I started using Wireshark, especially in terms of packet analysis:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Wireshark for Beginners &#8211; Learn Network Traffic Analysis (YouTube):<\/strong><br><a href=\"https:\/\/www.youtube.com\/watch?v=TkCSr30UojM\" target=\"_blank\" rel=\"noopener\" title=\"\">Wireshark Network Analysis Tutorial<\/a><\/li>\n<\/ul>\n\n\n\n<p>In this tutorial, the instructor covers basic packet analysis, filter usage, and understanding network protocols. Pausing and rewinding the video when you don\u2019t understand a part is crucial\u2014take your time to digest each step, and <strong>don\u2019t just copy and go<\/strong>. Reflect on the &#8220;why&#8221; behind each action, whether it\u2019s setting filters or analyzing packet details. 
This will make your learning process more solid.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is Wireshark? 
Wireshark is a powerful, open-source network protocol analyzer used for capturing and analyzing network traffic in real<\/p>\n<p><a href=\"https:\/\/chrisrgaunt.com\/?p=271\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\">Wireshark<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":781,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[10],"tags":[],"class_list":["post-271","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-projects"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts\/271","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=271"}],"version-history":[{"count":1,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts\/271\/revisions"}],"predecessor-version":[{"id":3220,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts\/271\/revisions\/3220"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/media\/781"}],"wp:attachment":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=271"},
{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}