You are about to discover the full potential of Wireshark. In short, Wireshark is a network analysis tool that captures packets in real time and lets the operator filter and inspect the captured packets.
Over the last few years Wireshark has evolved into a fully functional and easy-to-use network analysis tool. It provides a straightforward interface with various advanced options, and the packets shown in the GUI are colour-coded, which makes it very easy to identify the packets you are looking for.
In this guide, we will take a look at how to use Wireshark to capture, filter and inspect packets within seconds.
Downloading and installing Wireshark
First of all, I want to make it very clear that you should download your software from legitimate and official sources only. If you do not have Wireshark installed, you will need to download and install the Wireshark application from the official source.
If you are using Ubuntu, you will find Wireshark in the package repositories. Simply navigate to the Ubuntu Software Center, search for ‘Wireshark’, click install and follow the instructions.
Wireshark captures traffic on interfaces: the network adapters that the tool has detected on your machine.
In order to capture the LAN traffic that is being generated by my machine, I will need to start capturing the ‘Ethernet’ network interface.
Double-click on the network interface that you want to capture; in my situation, I have to select the ‘Ethernet’ network interface to start capturing my LAN network traffic. If everything is functioning as it should, you should start seeing LAN network traffic in your GUI. It should look something like this, with the packets coloured as follows:
| Traffic type | Colour |
|---|---|
| TCP packets with issues | Black |
| UDP traffic | Light blue |
| DNS traffic | Dark blue |
To fully understand the capabilities of Wireshark, it is important to have network data that you want to inspect. On the official Wireshark website you will find sample capture files containing network traffic. These files use the .pcap format, and Wireshark is capable of both generating and reading .pcap files. If you want to take a real dive into network analysis, you can also try the free .pcap files provided by malware-traffic-analysis. The Malware Traffic Analysis site holds .pcap files of traffic that has shown malicious behaviour.
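As an added example that is not part of this guide, the following Python script parses the classic .pcap file format that Wireshark reads and writes, and labels each packet in the same categories as the colouring legend above (DNS, UDP, TCP). All function names are my own, and the sample capture is constructed inside the script so it runs offline; it does not try to judge whether a TCP stream has issues.

```python
import struct
PCAP_MAGIC = 0xA1B2C3D4     # classic little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def build_pcap(frames):
    # 24-byte global header, then a 16-byte record header before each frame.
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    # Yield raw Ethernet frames; reject anything that is not a little-endian Ethernet pcap.
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def classify(frame):
    # Label a frame like the colouring legend above; non-IPv4 frames are "other".
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "other"
    ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
    proto, l4 = frame[23], frame[14 + ihl:]
    if proto == 17 and len(l4) >= 8:         # UDP; DNS when either port is 53
        sport, dport = struct.unpack("!HH", l4[:4])
        return "DNS traffic" if 53 in (sport, dport) else "UDP traffic"
    if proto == 6:                           # TCP (stream health is not checked here)
        return "TCP traffic"
    return "other"

def make_frame(proto, sport, dport):
    # Constructed Ethernet/IPv4 frame with an 8-byte transport header (ports first).
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed sample capture: a DNS query, a plain UDP datagram and a TCP segment.
SAMPLE_PCAP = build_pcap([make_frame(17, 51234, 53), make_frame(17, 5000, 6000), make_frame(6, 443, 50000)])

def summarize(pcap_bytes):
    counts = {}
    for label in map(classify, read_pcap(pcap_bytes)):
        counts[label] = counts.get(label, 0) + 1
    return counts
```

Pass the bytes of a real capture (for example `open("capture.pcap", "rb").read()`) to `summarize` to get the same per-category counts for a file you downloaded.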