WIRESHARK

In a previous post we looked at some of the Linux commands used to work with networking and packets. Beyond those commands, there are dedicated tools for capturing and inspecting the packets exchanged between two hosts, and Wireshark is the best-known example. Let's see how to use Wireshark for some basic tasks.

  • This is the Wireshark GUI.

[Screenshot 100: the Wireshark main window]

  • Under the Capture section you will find the interface list; choose an interface there to watch the packets passing over it.

[Screenshot 101: the Capture section]

[Screenshot 102: the interface list]

  • You can select one or more interfaces from this list and then start the capture.

[Screenshot 103: selecting interfaces]

[Screenshot 104: starting the capture]

  • The packet list shows every packet sent and received on the interface. The raw list is messy and hard to read, so we filter it down to the packets we care about; that makes it easy to pick out one conversation from a group of packets of the same type.
  • There is a text box named 'Filter'. Type a filter expression there and apply it; the packet list then shows only the matching packets and their details.

[Screenshot 105: the Filter text box]

  • Let's look at some filter expressions.
  • Filter by protocol.

[Screenshot 106: filtering by protocol]

[Screenshot 107: filtering by protocol, result]

  • Filter by source IP address.

[Screenshot 108: filtering by source IP address]

  • Filter by destination IP address.

[Screenshot 109: filtering by destination IP address]

  • Filter by port.

[Screenshot 110: filtering by port]

  • Filter the sent packets.

[Screenshot 113: filtering sent packets]

  • Filter the received packets.

[Screenshot 112: filtering received packets]
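The filters above survive only as screenshots. As an added example that is not part of the original post, the Python below implements a small subset of Wireshark's display-filter syntax (bare protocol names, `field == value`, `!`, `&&` and `||`) and runs it over a constructed six-packet capture, so each of the filter types listed above can be tried offline: `http` (by protocol), `ip.src == …` (by source address), `ip.dst == …` (by destination address), `tcp.port == 443` (by port) and, with `MY_HOST` standing in for the capturing machine's own address, `ip.src == MY_HOST` for sent packets and `ip.dst == MY_HOST` for received ones. `MY_HOST`, the `Packet` class and the packet list are assumptions made for this example; the field names (`ip.src`, `ip.dst`, `ip.addr`, `tcp.port`, `udp.port`) are Wireshark's real ones.

```python
"""Tiny evaluator for a subset of Wireshark display-filter syntax, run over a
constructed packet list so the post's filters can be tried without a capture."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    number: int
    src: str
    dst: str
    transport: str                 # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    app: Optional[str] = None      # application protocol Wireshark would show, e.g. "http"


# Assumed address of the capturing host (hypothetical, chosen for this example).
MY_HOST = "192.168.1.10"

# Constructed sample capture; none of these packets come from the post.
CAPTURE = [
    Packet(1, MY_HOST, "192.168.1.1", "udp", 51000, 53, "dns"),
    Packet(2, "192.168.1.1", MY_HOST, "udp", 53, 51000, "dns"),
    Packet(3, MY_HOST, "203.0.113.5", "tcp", 51001, 80, "http"),
    Packet(4, "203.0.113.5", MY_HOST, "tcp", 80, 51001, "http"),
    Packet(5, MY_HOST, "203.0.113.5", "tcp", 51002, 443, "tls"),
    Packet(6, "192.168.1.20", MY_HOST, "icmp"),
]


def fields(pkt: Packet) -> dict:
    """Map Wireshark field names to the set of values they take in this packet.
    ip.addr and tcp.port/udp.port hold both ends on purpose: that is why
    'ip.addr == X' matches packets travelling in either direction."""
    vals = {"ip.src": {pkt.src}, "ip.dst": {pkt.dst}, "ip.addr": {pkt.src, pkt.dst}}
    if pkt.transport in ("tcp", "udp"):
        t = pkt.transport
        vals[f"{t}.srcport"] = {str(pkt.sport)}
        vals[f"{t}.dstport"] = {str(pkt.dport)}
        vals[f"{t}.port"] = {str(pkt.sport), str(pkt.dport)}
    return vals


def protocols(pkt: Packet) -> set:
    """Protocol names a bare-word filter such as 'http' or 'udp' can match."""
    return {"ip", pkt.transport} | ({pkt.app} if pkt.app else set())


# One term: optional '!', optional parentheses, 'name' or 'name == value'.
_TERM = re.compile(r"^(!?)\s*\(?\s*([a-z.]+)(?:\s*==\s*(\S+?))?\s*\)?$")


def eval_term(term: str, pkt: Packet) -> bool:
    m = _TERM.match(term.strip())
    if not m:
        raise ValueError(f"unsupported filter term: {term!r}")
    neg, name, value = m.groups()
    if value is None:                                   # bare protocol name
        hit = name in protocols(pkt)
    else:                                               # field comparison
        hit = value in fields(pkt).get(name, set())     # absent field never matches
    return hit != bool(neg)


def matches(expr: str, pkt: Packet) -> bool:
    """'||' binds loosest and '&&' tighter; no nested parentheses."""
    return any(all(eval_term(t, pkt) for t in re.split(r"&&|\band\b", clause))
               for clause in re.split(r"\|\||\bor\b", expr))


def apply_filter(expr: str, capture=CAPTURE) -> list:
    """Packet numbers that would remain in the packet list after applying expr."""
    return [p.number for p in capture if matches(expr, p)]


if __name__ == "__main__":
    for expr in ("http", f"ip.src == {MY_HOST}", f"ip.dst == {MY_HOST}",
                 "tcp.port == 443", "ip.addr == 192.168.1.1", "!(ip.addr == 192.168.1.1)"):
        print(f"{expr:32} -> {apply_filter(expr)}")
```

Two things the output makes visible that the screenshots do not: `ip.addr == X` and `tcp.port == N` match either end of a conversation, which is usually what you want when isolating one exchange, and the unambiguous way to exclude a host is `!(ip.addr == X)`, which reads the same in every Wireshark version.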

These are some examples of how to use display filters in Wireshark to identify packets. Hope you enjoyed the post. See you soon with another interesting topic. Thank you!
