Wireshark: The Microscope for Your Network

How to capture and analyze network traffic with Wireshark. Essential filters and techniques for spotting malicious activity.

1 min read
ibrahimsql
198 words

Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level.

Getting Started#

  1. Select Interface: Choose the network card you want to sniff (e.g., eth0 or wlan0).
  2. Start Capture: Click the blue shark fin icon.
  3. Stop Capture: Click the red square when you have enough data.

Essential Filters#

Wireshark captures everything. Filters are how you find the needle in the haystack.

  • ip.addr == 192.168.1.5: Show traffic to/from this IP.
  • tcp.port == 80: Show HTTP traffic.
  • http.request.method == "POST": Show only POST requests (useful for finding logins).
  • dns: Show DNS queries.

Following Streams#

Right-click a packet -> Follow -> TCP Stream. This reconstructs the entire conversation between client and server in a readable format. It's amazing for seeing exactly what data was transferred.

Use Cases for Hackers#

  • Credentials: Finding cleartext passwords (FTP, Telnet, HTTP).
  • Malware Analysis: Seeing what a virus does on the network.
  • Debugging: Understanding why your exploit isn't working.

Conclusion#

Wireshark is a fundamental tool. Whether you're debugging a connection or hunting for malware, you need to know how to read packets.

---
Share this post:
TwitterLinkedInFacebook

What do you think?

React to show your appreciation

Related Posts