In a previous post we looked at some of the commands used in Linux to work with networking and packets. Beyond those commands, there are dedicated tools for tracking packet transfer between a host and a client, and Wireshark is the best-known example of this kind of software. Let's see how to use Wireshark for some basic tasks.
- This is the GUI of Wireshark.
- Under the Capture section you can see the interface list; these are the interfaces whose packet traffic you can watch.
- Select any number of interfaces from there and then click Start.
- It shows all the sent and received packets. That is a bit messy and hard to read, so we can filter the packets as we want; it is then easy to pick out a packet from a group of packets of the same type.
- There is a text box named Filter. Type the filter expression there and apply it to the output; Wireshark then shows only the packets that match.
- Let's see some of the filter expressions.
- Filter by protocol.
- Filter by source IP address.
- Filter by destination IP address.
- Filter by port.
- Filter the sent packets.
- Filter the received packets.
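To make those filter kinds concrete, here is a small added Python model of how Wireshark evaluates display filters; it is my own example, not code from the original post or from Wireshark. It assumes the capturing host is 192.168.1.10 and uses four constructed packets, so "sent" is ip.src == 192.168.1.10 and "received" is ip.dst == 192.168.1.10; it also shows why tcp.port == 80 matches traffic in both directions.

```python
import re

# Constructed sample packets (not a real capture); each field holds the SET of values
# Wireshark shows for it, so tcp.port carries both the source and destination port.
HOST = "192.168.1.10"  # assumed address of the capturing host
PACKETS = [
    {"proto": {"ip", "tcp", "http"}, "ip.src": {HOST}, "ip.dst": {"93.184.216.34"}, "tcp.port": {"52110", "80"}},
    {"proto": {"ip", "tcp", "http"}, "ip.src": {"93.184.216.34"}, "ip.dst": {HOST}, "tcp.port": {"80", "52110"}},
    {"proto": {"ip", "udp", "dns"}, "ip.src": {HOST}, "ip.dst": {"8.8.8.8"}, "udp.port": {"41000", "53"}},
    {"proto": {"ip", "tcp", "ssh"}, "ip.src": {"10.0.0.7"}, "ip.dst": {HOST}, "tcp.port": {"54321", "22"}},
]
TOKEN = re.compile(r"&&|\|\||==|!|\(|\)|[\w.]+")

class Filter:
    # Evaluates a subset of display-filter syntax: protocol names, field == value, !, &&, || and ( ).
    def __init__(self, expr): self.toks = TOKEN.findall(expr)
    def matches(self, pkt):
        self.pos, self.pkt = 0, pkt
        result = self._or()
        if self.pos != len(self.toks):  # leftover tokens mean a malformed filter
            raise ValueError("unexpected token " + self.toks[self.pos])
        return result
    def _take(self, *alts):  # consume the next token if it is one of alts
        if self.pos < len(self.toks) and self.toks[self.pos] in alts:
            self.pos += 1
            return self.toks[self.pos - 1]
    def _or(self):  # && binds tighter than ||, as in Wireshark
        v = self._and()
        while self._take("||"): v = self._and() or v
        return v
    def _and(self):
        v = self._unary()
        while self._take("&&"): v = self._unary() and v
        return v
    def _unary(self):
        if self._take("!"):
            return not self._unary()
        if self._take("("):
            v = self._or()
            if not self._take(")"): raise ValueError("missing ')'")
            return v
        name = self.toks[self.pos]; self.pos += 1
        if not self._take("=="):  # bare protocol name such as "dns" or "tcp"
            return name in self.pkt["proto"]
        value = self.toks[self.pos]; self.pos += 1
        if name == "ip.addr":  # convenience field: matches either endpoint
            return value in (self.pkt["ip.src"] | self.pkt["ip.dst"])
        return value in self.pkt.get(name, set())  # true if ANY of the field's values matches

def apply_filter(expr, packets=PACKETS):
    return [i for i, p in enumerate(packets) if Filter(expr).matches(p)]
```

apply_filter("tcp.port == 80") keeps both the request and the reply, while apply_filter("ip.src == 192.168.1.10") keeps only what the host sent; combine them with && to narrow one direction.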
These are some examples of how to use filtering in Wireshark to identify packets. Hope you enjoyed the post. See you soon with another interesting topic. Thank you!