/wsg/ Wire Shark General (beta)

Inform your fellow anons about what you've discovered using this program.

01 How to use it, (new)
02 What can you sniff and what did you learn from it
03 Security and more
04 Networks gen
05 Bbbut im just a troll, I don't know how to use such a tool
06 Data gen
07 Good tutorials on wireshark
08 Alternative programs for network sniffing

(last thread: empty)

*don't be a cunt*

bump

Come on, nobody on Jow Forums has a job where they'd actually use this and have any real world skills.

Add tcp.seq tcp.ack tcp.nxtseq tcp.stream columns in your TCP profile

Add other useful columns in your other profiles, like MAC VLAN Ethertype for your L2 profile, the LACP Port and Actor for your 802.3ad profile, SACK and TSN for your SCTP profile, etc

Right click and Follow TCP Stream

You can right click any packet data and Copy As Filter or Prepare As Filter

If you're looking at http or SMB, you can pull files out of the pcap, it's under the File menu

tshark has useful summary commands like -q -z conv,IP

tshark -T fields can be used to get data to pipe into sort, uniq, or awk for other useful inferences

That's all pretty beginner level stuff. I've wanted to do the Laura Chappell Wireshark University certs for a while.

Bump

Why didn't you do it and why this course out of all courses in the first place?

>look I just found out about wireshark, because I installed kaliOS

Install ettercap

Tell me more..

Can I sniff cute girls with this?

Wireshark isn't real skill and packet analysis is easy skid shit

I use it in telco. We have Iris but that's a piece of shit. Mostly checking ISUP/SIP protocols.

...

What about tcpdump? How can I view the data captured afterwards?

How easy is it to DNS mitm?

IIRC you can save tcpdump captures as pcapng and then simply open that file with wireshark for viewing

There is some "skill" but it's not much. Once you learn to recognize basic things like TCP handshake, DORA (DHCP handshake), etc. you can diagnose pretty much all network related problems

It's easy if the DNS is unencrypted, which most DNS requests are. You have to place yourself in between the client and the DNS server by using ARP spoofing, or by gaining control of something that's already in the middle, like an inline appliance/server. At that point you can just read the plaintext DNS request packet, parse out the target domain (e.g. facebook.com), and if it matches what you're looking for simply craft a new DNS answer packet with an IP address of your choosing and send it back to the client
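A defender-side check for the spoofing described in the post above, using the `tshark -T fields` output mentioned earlier in the thread. This is an added example, not part of any post here; `capture.pcap` and the sample rows are constructed placeholders.

```shell
#!/usr/bin/env bash
# Flags DNS transactions where one client got more than one distinct answer
# for the same transaction ID and query name. A forged reply racing the
# genuine one shows up exactly like this in a capture.
#
# Expected input: tab-separated rows as printed by
#   tshark -r capture.pcap -Y 'dns.flags.response == 1 && dns.a' -T fields \
#     -e ip.src -e ip.dst -e dns.id -e dns.qry.name -e dns.a
# Columns: responder IP, client IP, transaction ID, query name, A record(s).

# Constructed sample rows (documentation address ranges, not real traffic).
sample_rows() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    192.0.2.53 192.0.2.10 0x1a2b example.com 198.51.100.7 \
    192.0.2.53 192.0.2.10 0x1a2b example.com 203.0.113.66 \
    192.0.2.53 192.0.2.10 0x3c4d example.org 198.51.100.9 \
    192.0.2.53 192.0.2.10 0x3c4d example.org 198.51.100.9 \
    192.0.2.53 192.0.2.11 0x5e6f example.net 198.51.100.20
}

# Reads rows on stdin, prints: client, transaction ID, name, conflicting answers.
conflicting_answers() {
  # Drop the responder column (a forged reply copies the resolver's address),
  # then collapse plain retransmissions of an identical answer.
  cut -f2-5 | sort -u |
  awk -F'\t' '
    {
      key = $1 FS $2 FS $3            # client + transaction ID + query name
      n[key]++
      ans[key] = (n[key] > 1 ? ans[key] " | " : "") $4
    }
    END {
      for (k in n)
        if (n[k] > 1)                 # same question, different answers
          print k FS ans[k]
    }' | sort
}

# Run against the constructed sample when executed directly.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  sample_rows | conflicting_answers
fi
```

A hit is a lead to investigate rather than proof, since a resolver can legitimately return a different record set on a retried query.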

Isn't there something simpler than wireshark for viewing?

I legit can't work out how to sniff AMF3 packets with this.

>It's easy if the DNS is unencrypted, which most DNS requests are. You have to place yourself in between the client and the DNS server by using ARP spoofing, or by gaining control of something that's already in the middle, like an inline appliance/server. At that point you can just read the plaintext DNS request packet, parse out the target domain (e.g. facebook.com), and if it matches what you're looking for simply craft a new DNS answer packet with an IP address of your choosing and send it back to the client
I am setting up open wifi near the girls' dorms at my uni to do this, where can I find some good clone frontpages to harvest passwords?

How do you sniff traffic coming from only a certain program?

Hadn't used this for a while until the other day. It was interesting doing IO graphing with display filters. I was testing VNC bandwidth consumption.

Find out what port numbers and IPs it's using. Look into the netstat command.

How do I use this shit to spy on my Girlfriend?

>tfw nobody bothered capturing packets from that mmo you liked before they shut down the servers

step 1 - leave Jow Forums long enough to acquire gf

this.
Also it's fun for playing CTF.