Wireshark Is An Amazing (and “Leading”) Networking Monitoring Tool

Posted by Henry Dalziel  |  December 16, 2019  |   Questions / Comments 24


- C|EH, Security+, MSc Marketing Management;
- Based in Hong Kong for the last five years;
- Cybersecurity Pro & Growth Hacker

Wireshark is hands down the world's most famous network monitoring tool.

Wireshark is a very powerful and popular network analyzer for Windows, Mac and Linux. It is a tool used to inspect the data passing through a network interface, which could be your Ethernet, LAN or WiFi adapter.

Check out our recommended Wireshark training books and study guides. The prices range from only $5 for the Kindle version to full, comprehensive Wireshark tutorial guides. Some of these titles are ideal for beginners who want to learn more about networking and how to sniff traffic.

If you’d like to see our recommended Wireshark tutorial video hit up this link. [49 mins long detailed beginners guide]

The units of data that Wireshark inspects are called ‘frames’, and each frame carries a ‘packet’. Wireshark can capture all of the packets sent and received over your network and decode them for analysis. Whatever you do over the Internet, such as browsing websites or using VoIP or IRC, the data is converted into packets as it passes through your network interface (your LAN card). Wireshark grabs those packets from the TCP/IP stack during transmission, stores them, and presents the data in its own GUI.

It is important to note that whilst this is an excellent tool for a network administrator who needs to check that their customers’ sensitive data is being transmitted securely, it can also be used by hackers on unsecured networks, such as airport WiFi. The moral of the story at this point is to steer clear of clear-text HTTP: that is the best advice we can give. To remedy this we would encourage you to use the Firefox add-on HTTPS Everywhere, or to use an SSH or VPN tunnel.

Step 1: Start Wireshark!
To open Wireshark in Linux (after you have downloaded it) open it in a terminal with:

“gksudo wireshark”

– this will open the Wireshark GUI. It is worth quickly noting that Wireshark comes pre-installed with most pentesting Linux distros, such as BackBox and Kali Linux. The “gksudo” command tells your Linux box to open the application, in this instance Wireshark, in its native GUI whilst in super-user mode (aka sudo).

Step 2: Wireshark GUI
Once the Wireshark GUI has opened, you’ll see that the dashboard has a left-hand box called ‘Interface List’. This list tells you which devices and capture cards you can use. At the top of the application there is an option called ‘Capture Options’, which is exactly that: it allows you to modify and tweak how you would like to capture the packets being transmitted over your network.

Step 3. Wireshark Interface
If you have a look at your interface list (see Step 2 and the associated screenshot) you’ll see that one of your devices is actually sending and receiving packets. Options include promiscuous mode, the capture mode and so on. Have a play around with these and understand what each function does, and you will rapidly learn how to use Wireshark effectively.

Step 4. Capture Interface Options
This screenshot shows the Wireshark capture interfaces, in other words, it shows what processes and platforms are receiving and sending data on your machine. If you have a wireless card, then it will show it, etc.

Step 5. The Main Packets Panel
Once you are happy with the interface you’d like to use, go ahead and click ‘Start’ and Wireshark will show all the packets being transmitted over your network. If you open a web browser or, for example, watch a video on YouTube, you’ll notice a sudden surge of packet data. The whole point here is to find patterns or anything that looks suspicious. Taking the columns at the top of the Wireshark interface from left to right: the first column is the packet number. The second column shows how many seconds have elapsed since the start of the capture. The third column is the source IP address and the fourth column is the destination IP address. The fifth column is the protocol of the packet, which could be DNS, TCP (Transmission Control Protocol) or even HTTP.

Filtering the packets is key when using Wireshark; this is done using the filter bar within the interface (top left). If you right-click on a packet of interest you can ‘Follow TCP Stream’ and you get a ton of raw information.
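To make Step 5 and the filtering paragraph concrete, here is an added example (not code from the post or from the Wireshark project) written against the Python standard library only. It builds a small, clearly constructed pcap capture in memory, decodes the Ethernet/IPv4/TCP/UDP headers into the same columns Wireshark shows (No., Time, Source, Destination, Protocol), evaluates a small subset of Wireshark's display-filter syntax (bare protocol names and `field == value` joined by `&&`), reassembles both directions of a conversation the way ‘Follow TCP Stream’ does, and lists the packets carrying clear-text HTTP, which is the risk the article warns about for open WiFi. The IP addresses, ports and payloads are all made up for the example.

```python
"""Minimal pcap decoder mimicking Wireshark's packet list, a display-filter
subset and 'Follow TCP Stream'. Added example, stdlib only; the capture bytes
are CONSTRUCTED below, not taken from a real network."""
import struct


def _ipv4(src, dst, proto, payload):
    # IPv4 header; checksum left as 0 because nothing here validates it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + payload


def _tcp(sport, dport, flags, data=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0) + data


def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def _frame(ts, ip_packet):
    # Ethernet II frame (constructed MACs, EtherType 0x0800) inside a pcap record.
    pkt = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip_packet
    return struct.pack("<IIII", ts[0], ts[1], len(pkt), len(pkt)) + pkt


def build_sample_pcap():
    """CONSTRUCTED capture: one DNS query, a clear-text HTTP login on port 80
    and one TLS record on port 443. Timestamps are (seconds, microseconds)."""
    client, server, resolver = "10.0.0.5", "192.0.2.10", "10.0.0.1"
    records = [
        ((1_600_000_000, 0), _ipv4(client, resolver, 17, _udp(40000, 53, b"constructed dns query"))),
        ((1_600_000_000, 250_000), _ipv4(client, server, 6, _tcp(51000, 80, 0x02))),  # SYN
        ((1_600_000_000, 500_000), _ipv4(client, server, 6, _tcp(51000, 80, 0x18,
            b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=alice&pass=CONSTRUCTED"))),
        ((1_600_000_000, 750_000), _ipv4(server, client, 6, _tcp(80, 51000, 0x18, b"HTTP/1.1 200 OK\r\n\r\n"))),
        ((1_600_000_001, 0), _ipv4(client, server, 6, _tcp(51001, 443, 0x18, b"\x16\x03\x01\x00\x05hello"))),
    ]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap, link type Ethernet
    return header + b"".join(_frame(ts, ip) for ts, ip in records)


def classify(row):
    """Protocol column, using the port/content heuristics Wireshark starts from."""
    p = row["payload"]
    if row["l4"] == "udp" and 53 in (row["sport"], row["dport"]):
        return "DNS"
    if row["l4"] == "tcp":
        if p[:1] == b"\x16" and 443 in (row["sport"], row["dport"]):
            return "TLS"
        if p.split(b" ")[0] in (b"GET", b"POST", b"HEAD", b"PUT") or p.startswith(b"HTTP/"):
            return "HTTP"
        return "TCP"
    return "UDP" if row["l4"] == "udp" else "IP"


def parse_pcap(data):
    """Return Wireshark-style rows: No., Time since first frame, Source,
    Destination, Protocol, plus the layer-4 fields the filters need."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("little-endian Ethernet pcap expected")
    rows, off, t0 = [], 24, None
    while off < len(data):
        sec, usec, incl, _ = struct.unpack("<IIII", data[off:off + 16])
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        t = sec + usec / 1e6
        t0 = t if t0 is None else t0
        if frame[12:14] != b"\x08\x00":
            continue  # only IPv4 is decoded in this example
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        l4 = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        row = {"no": len(rows) + 1, "time": round(t - t0, 6),
               "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20]))}
        if ip[9] == 6:  # TCP: data offset tells where the payload starts
            sport, dport = struct.unpack("!HH", l4[:4])
            row.update(l4="tcp", sport=sport, dport=dport, payload=l4[(l4[12] >> 4) * 4:])
        elif ip[9] == 17:  # UDP: fixed 8-byte header
            sport, dport = struct.unpack("!HH", l4[:4])
            row.update(l4="udp", sport=sport, dport=dport, payload=l4[8:])
        else:
            row.update(l4="ip", sport=None, dport=None, payload=b"")
        row["proto"] = classify(row)
        rows.append(row)
    return rows


def match(row, expr):
    """Subset of display-filter syntax: 'http', 'dns', 'tcp' or
    'ip.addr/ip.src/ip.dst/tcp.port/udp.port == value', joined with '&&'."""
    for term in (t.strip() for t in expr.split("&&")):
        if "==" in term:
            field, value = (s.strip() for s in term.split("==", 1))
            fields = {"ip.addr": {row["src"], row["dst"]}, "ip.src": {row["src"]}, "ip.dst": {row["dst"]}}
            if row["l4"] in ("tcp", "udp"):
                fields[row["l4"] + ".port"] = {str(row["sport"]), str(row["dport"])}
            if value not in fields.get(field, set()):
                return False
        elif term.lower() not in (row["proto"].lower(), row["l4"]):
            return False
    return True


def display_filter(rows, expr):
    return [r for r in rows if match(r, expr)]


def follow_tcp_stream(rows, no):
    """Payloads of both directions of the conversation packet `no` belongs to,
    in capture order (what 'Follow TCP Stream' shows for this simple capture)."""
    pick = next(r for r in rows if r["no"] == no)
    key = frozenset([(pick["src"], pick["sport"]), (pick["dst"], pick["dport"])])
    return b"".join(r["payload"] for r in rows if r["l4"] == "tcp"
                    and frozenset([(r["src"], r["sport"]), (r["dst"], r["dport"])]) == key)


def cleartext_http_packets(rows):
    """Defender check: packet numbers carrying HTTP in the clear."""
    return [r["no"] for r in rows if r["proto"] == "HTTP"]


if __name__ == "__main__":
    rows = parse_pcap(build_sample_pcap())
    for r in rows:
        print(f"{r['no']:>3} {r['time']:>9.6f} {r['src']:>12} -> {r['dst']:<12} {r['proto']}")
    print("clear-text HTTP in packets:", cleartext_http_packets(rows))
    print(follow_tcp_stream(rows, 3).decode())
```

Run it as a script to see the five-column listing; the ‘POST /login’ body printed by the stream reassembly is exactly what anyone on the same open network would see, which is why the article recommends HTTPS or a tunnel. On real captures, use a parser that reassembles by sequence number rather than capture order, and expect link types other than Ethernet.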

Learn Wireshark! Whether you are a system administrator or just starting out your career as a penetration tester, you need to know what is happening on the network you work on! Let us know your thoughts! Are you a Wireshark veteran? Is there something else we should add to this simple demo?

If you are interested in seeing a demonstration of how to use Wireshark when hacking into VoIP then head on over to our excellent demo with Mile2’s Eric Deshetler where he shows How To Crack SIP Authentication & Listen To VoIP Calls!

24 responses to “Wireshark”

  1. Fernando says:

    These are not the basics, this is a super small description of its GUI, nothing else.

  2. Vee says:

    I tried using Wireshark on Windows XP… It is not displaying any information in the display! What gives?

  3. Vee says:

    Got it going….no worries!

    • Henry Dalziel says:

      Awesome! Glad to hear. We really want to make a more in-depth tutorial than this one, so please stay tuned!

      • Richard says:

        Tutorial? It’s nothing more than a cut-down version of a UI guide. Nothing whatsoever to do with actually using and understanding Wireshark: not to mention the horrendous advice to run it under gksudo, thus risking & compromising the Linux machine. Wireshark does not need to be, nor should it be, run as root on a Linux GUI.

        • Henry Dalziel says:

          Thanks for your feedback and you are right on many of the points. We are in the process of publishing a MUCH better Wireshark piece that will be written by one of our instructors.

  4. Shiv Shankar says:

    Images are not visible, please fix!

  5. Bryan McGann says:

    This tutorial is really just the absolute basics. Wireshark can be used to analyze network problems, latency, DNS, DHCP, and so on. It is powerful because you can see the time and the delay and combine traffic from the same stream on two different physical locations to determine issues with transmission.

  6. varalaxmi says:

    Wireshark is basically used to troubleshoot networks: capturing and filtering of packets. Is there any other use of Wireshark?

  7. Mark Shepard says:

    Can you add a link to this new material?

  8. Nilanga says:

    Excellent TUT… Thanks… please update us with the advance tut as well

  9. ct says:

    I have 4 different videos with different formats and bitrates. Is it possible for me to measure the bandwidth of video transmission using just 2 PCs over a wireless channel? Kindly need your help here. Anyone.

  10. mere says:

    Is it possible for Wireshark to miss something? When I have it and my devices are all connected to the same network, it doesn’t pick up everything, and I know there is more information than Wireshark presents. Does WiFi affect the reliability?

  11. Karl says:

    I didn’t think this is a very good tutorial. It just lists various features but doesn’t guide you through a basic, typical usage.

  12. Karl Harshman says:

    I will look for a better tutorial. I don’t like video tutorials because they are very hard to rewind then fast forward when I miss something.

    • Henry Dalziel says:

      I hear you. We all have different learning preferences. Let us know if you come across a good Wireshark tutorial. Thanks!

  13. Olaniyi says:

    Is there any way you can organize an IT training program in person with these tools, mostly using the W3af web scanner, please? I do need your assistance on this… thanks.

    • Henry Dalziel says:

      Sure! We are planning a whole bunch of new courses for 2016! We have your email so we will contact you once we have launched them all.

  14. Anonymous says:

    You have to know about the OSI layers and their functionality.

