Skip to content

Latest commit

 

History

History
60 lines (47 loc) · 2.71 KB

README.md

File metadata and controls

60 lines (47 loc) · 2.71 KB

Wireshark

Learning Wireshark with Me - Blee

Welcome to the Wireshark Learning Guide! This document will help you get started with Wireshark, a powerful tool for network protocol analysis.

Introduction Wireshark is an open-source packet analyzer used for network troubleshooting, analysis, and communications protocol development. It allows you to capture and interactively browse the traffic running on a computer network.

Installation

  1. Download Wireshark:
    • Visit the Wireshark website to download the latest version of Wireshark for your operating system. Here’s a Youtube video for guide: How to download and install Wireshark on Windows
  2. Install Wireshark:
    • Follow the installation instructions specific to your operating system. I personally used the wireshark in my Kali Linux

Setting Up Wireshark

  1. Edit Preferences:
    • Go to Edit > Preferences and choose the layout you prefer (Frame Layout).
  2. Adjust Delta Time:
    • If needed, change the delta time settings to UTC.
  3. Customise Colour Rules:
    • Set up colouring rules to highlight specific protocols or types of traffic. Navigate to View > Colouring Rules and adjust as necessary.
  4. Set Display Filters:
    • Learn to use display filters to focus on specific types of packets. This is essential for efficient analysis.

Capturing Network Traffic

  1. Check Interfaces:
    • Determine which interface Wireshark will use to capture packets.
    • Use the command: help -> About Wireshark -> OK
  2. Capture Options:
    • Go to Capture > Options to manage interfaces and settings.
    • Adjust capture options such as Manage Interfaces, buffer sizes, and output locations.
  3. Start Capturing:
    • Select the appropriate interface and click the Start button to begin capturing traffic.

Using Dumpcap for Command-Line Capture

  1. List Available Interfaces:
    • Use the command: dumpcap -D to list all interfaces.
  2. Capture Packets:
    • Choose an interface and start capturing with: dumpcap -i 1 (replace 1 with the desired interface number).
    • Store the captured data: dumpcap -i 1 -w /path/to/store/file.pcapng
  3. Advanced Capture Options:
    • Split files if needed: dumpcap -i 1 -W /path/to/store/file.pcapng -b filesize:1000 -b files:10

Filtering Traffic

  1. Capture Filters:
    • Define how data is brought into the network card. Set capture filters before starting the capture.
  2. Display Filters:
    • Apply display filters to focus on specific packets of interest after the capture.

Resources

Chris Greer: https://youtu.be/OU-A2EmVrKQ?si=TReWlboASfyVgk95

Lisa Bock: https://lnkd.in/dzHGNRJQ

The is also more platform on which you can learn wireshark , i will highly recommend Tryhackme cause of the labs