Reminder: This is for educational purposes only; it is not meant for any criminal act or illegal activity.

Wireshark is a packet sniffer: it captures the packets travelling over a network interface. With it we can see where packets come from and where they are going, perform a man-in-the-middle attack, see open ports, and extract unencrypted data and sensitive information. Wireshark comes preinstalled on Kali Linux.

To use Wireshark, first open it. You will see the start screen shown below.

Choose the Wi-Fi interface, the one whose activity line moves up and down, and Wireshark will start capturing its traffic.

The captured traffic is shown as frames. To cut through the clutter, enter a string into the empty bar labelled “Apply a display filter.” I searched for frames carrying the HTTP protocol by entering http into the filter bar.

We can also filter by source or destination, frame colour, frame number, and other fields. Right-click an item in the white box, or a field in one of the coloured frames (if you right-click the frame number, the filter will match that frame number), then choose Apply as Filter: Selected shows only the matching frames, while Not Selected shows everything except the one you clicked.

You can also see the activity, or the file that was downloaded; for example, I downloaded a picture of a hamster from Google.

In Wireshark we can follow a TCP stream to see the whole exchange of data being sent and received. Following a stream usually applies a filter for that stream's number straight away, picking it out from the many streams captured. We can browse with the stream's up and down arrow buttons to find the request we sent to the server and the OK status the server returned. I found it in the fourth stream.
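As an added example that is not part of the original post, the Python below reproduces what the tcp.stream index and Follow TCP Stream do under the hood: it groups IPv4/TCP packets into conversations numbered by first appearance, applies a rough equivalent of the http display filter, and reassembles the cleartext request and 200 OK response. The packets, addresses (RFC 5737 documentation ranges) and function names are all constructed for this example, not captured data.

```python
import struct

def make_packet(src, dst, sport, dport, payload):
    """Constructed IPv4/TCP packet (no options, zero checksums); sample input only."""
    ip4 = lambda a: bytes(int(o) for o in a.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                       ip4(src), ip4(dst)) + tcp

def parse_tcp(pkt):
    """Return (src, dst, sport, dport, payload) for IPv4/TCP, or None for other protocols."""
    if pkt[9] != 6:                              # IPv4 protocol field: 6 = TCP
        return None
    tcp = pkt[(pkt[0] & 0x0F) * 4:]              # skip the IP header (IHL in 32-bit words)
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4                # TCP header length, also in 32-bit words
    to_ip = lambda b: ".".join(map(str, b))
    return to_ip(pkt[12:16]), to_ip(pkt[16:20]), sport, dport, tcp[data_off:]

def tcp_streams(packets):
    """Group frames into conversations numbered by first appearance, like tcp.stream."""
    streams = {}                                 # dict keeps insertion order (Python 3.7+)
    for frame_no, pkt in enumerate(packets, start=1):
        if (parsed := parse_tcp(pkt)) is None:   # non-TCP frames never get a stream index
            continue
        src, dst, sport, dport, data = parsed
        key = frozenset({(src, sport), (dst, dport)})   # both directions share one stream
        streams.setdefault(key, []).append((frame_no, f"{src}:{sport}", data))
    return list(streams.values())

def is_http(data):  # rough stand-in for the `http` display filter
    return data.startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/"))

def follow_stream(stream):  # payloads in capture order, as Follow TCP Stream shows them
    return b"".join(data for _, _, data in stream)

def find_http_ok_stream(packets):
    """tcp.stream index of the first HTTP conversation answered with 200 OK, and its content."""
    for idx, stream in enumerate(tcp_streams(packets)):
        if any(is_http(d) for _, _, d in stream) and b"HTTP/1.1 200 OK" in follow_stream(stream):
            return idx, follow_stream(stream)
    return None, b""

# Constructed capture (RFC 5737 documentation addresses): a TLS stream first, then cleartext HTTP.
SAMPLE = [
    make_packet("192.0.2.10", "198.51.100.1", 50000, 443, b"\x16\x03\x01\x00\x05hello"),
    make_packet("192.0.2.10", "198.51.100.2", 50001, 80, b"GET /hamster.jpg HTTP/1.1\r\nHost: pics.example\r\n\r\n"),
    make_packet("198.51.100.1", "192.0.2.10", 443, 50000, b"\x16\x03\x03\x00\x05world"),
    make_packet("198.51.100.2", "192.0.2.10", 80, 50001, b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"),
]
```

Calling find_http_ok_stream(SAMPLE) returns stream index 1 with the readable GET and 200 OK, while stream 0 (the TLS conversation) yields only opaque record bytes, which is why the unencrypted-data point above applies to HTTP rather than HTTPS.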

It is not difficult to use Wireshark, right? 🙂
