Wireshark

From XennisWiki

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. (Wikipedia)

Download and setup

You can download Wireshark from the official website.

Debian
apt-get install wireshark

Settings

Helpful settings:

Resolve IP addresses (show host names instead of IP addresses)

  • Edit > Preferences
  • Under Name Resolution activate Resolve network (IP) addresses

With this enabled Wireshark performs reverse DNS lookups for every address in the capture, so analysing a capture on a connected machine tells your resolver (and anyone watching it) which hosts you are looking at. Keep it off for sensitive captures, or disable Use an external network name resolver in the same dialog so only the local hosts file is consulted.

Usage

Filter

Further information: Top 10 Wireshark Filters

Filter any packet with this IP as source or destination

ip.addr == IP-ADDRESS

Filter all HTTP packets with a specific content type and response code

http.content_type contains "text/html" and http.response.code == 200

Filter all HTTP packets whose body contains the text Xennis (data-text-lines is the line-based text dissector, so this only matches bodies Wireshark decoded as text; for compressed or binary bodies use http contains "Xennis" instead)

data-text-lines contains "Xennis"

Filter all TCP packets with a source or destination port number greater than 60000

tcp.port > 60000
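The filters above are mostly a matter of knowing the field name, but their matching rules have a twist that bites in practice: ip.addr and tcp.port are multi-value fields that match when either side of the packet matches. The following Python script is an added example, not part of the original page and not Wireshark code: it builds a small pcap in memory from constructed packets, parses it, and applies the ip.addr == X and tcp.port > N filters from this section by hand, next to the classic ip.addr != X trap. All addresses and ports are invented sample data.

```python
"""Added example (not from the XennisWiki page): Wireshark display-filter
semantics reproduced in plain Python over a pcap constructed in memory, so
`ip.addr == X`, `tcp.port > N` and the `ip.addr != X` pitfall run offline."""
import socket
import struct
from dataclasses import dataclass
from typing import Callable, List, Optional

TCP, UDP = 6, 17

@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None

def build_frame(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Ethernet + IPv4 + minimal TCP or UDP header (checksums left zero; fine for parsing)."""
    eth = bytes(6) + bytes([0x02, 0, 0, 0, 0, 1]) + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    if proto == TCP:  # sport, dport, seq, ack, data offset 5 words, SYN, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    else:             # sport, dport, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4

def build_pcap(frames: List[bytes]) -> bytes:
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data: bytes) -> List[Packet]:
    """Extract just the IPv4/TCP/UDP fields the filters below need."""
    magic = struct.unpack("<I", data[:4])[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # writer's byte order
    if end is None:
        raise ValueError("not a classic pcap file")
    pkts, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet: skipped, as any ip.* filter would
        ihl = (frame[14] & 0x0F) * 4
        pkt = Packet(socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), frame[23])
        l4 = frame[14 + ihl:]
        if pkt.proto in (TCP, UDP) and len(l4) >= 4:
            pkt.sport, pkt.dport = struct.unpack("!HH", l4[:4])
        pkts.append(pkt)
    return pkts

def ip_addr_eq(addr: str) -> Callable[[Packet], bool]:
    """`ip.addr == addr`: matches if EITHER ip.src or ip.dst equals addr."""
    return lambda p: addr in (p.src, p.dst)

def ip_addr_any_ne(addr: str) -> Callable[[Packet], bool]:
    """`ip.addr != addr` as Wireshark before 3.6 evaluated it (now spelled `any_ne`):
    true if ip.src != addr OR ip.dst != addr, i.e. nearly every packet."""
    return lambda p: p.src != addr or p.dst != addr

def not_ip_addr_eq(addr: str) -> Callable[[Packet], bool]:
    """`!(ip.addr == addr)`: what is usually meant by 'hide this host'."""
    return lambda p: addr not in (p.src, p.dst)

def tcp_port_gt(n: int) -> Callable[[Packet], bool]:
    """`tcp.port > n`: either TCP port above n; UDP never matches tcp.* fields."""
    return lambda p: p.proto == TCP and p.sport is not None and (p.sport > n or p.dport > n)

def apply_filter(pkts: List[Packet], flt: Callable[[Packet], bool]) -> List[Packet]:
    return [p for p in pkts if flt(p)]

# Constructed sample traffic, not a real capture.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "93.184.216.34", TCP, 51000, 80),  # client -> web server
    build_frame("93.184.216.34", "10.0.0.5", TCP, 80, 51000),  # server -> client
    build_frame("10.0.0.5", "10.0.0.9", TCP, 61234, 443),      # high TCP source port
    build_frame("10.0.0.5", "10.0.0.1", UDP, 61000, 53),       # high port, but UDP
])

def demo() -> dict:
    """Packet counts for each filter over SAMPLE_PCAP."""
    pkts, web = parse_pcap(SAMPLE_PCAP), "93.184.216.34"
    return {
        "total": len(pkts),
        "ip.addr == web": len(apply_filter(pkts, ip_addr_eq(web))),
        "ip.addr any_ne web": len(apply_filter(pkts, ip_addr_any_ne(web))),
        "!(ip.addr == web)": len(apply_filter(pkts, not_ip_addr_eq(web))),
        "tcp.port > 60000": len(apply_filter(pkts, tcp_port_gt(60000))),
    }

if __name__ == "__main__":
    print(demo())
```

demo() reports 4 packets in total, 2 matching ip.addr == web, 4 matching the any_ne form (every packet has at least one side that is not the web server, so the "exclude" filter excludes nothing), 2 matching !(ip.addr == web), and only 1 matching tcp.port > 60000, because the UDP packet's high port is not a tcp.* field. Since Wireshark 3.6 the plain != operator behaves like the negated form; on older installations write the negation explicitly.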

Problems and errors

Cannot capture as non root user

Reconfigure the package and answer yes to the question "Should non-superusers be able to capture packets?", then add your user account to the wireshark group (both steps need root):

sudo dpkg-reconfigure wireshark-common
sudo usermod -a -G wireshark $USER

Next log out and log in again, because group membership is only read at login. Answering yes makes the package set the CAP_NET_RAW and CAP_NET_ADMIN file capabilities on /usr/bin/dumpcap (check with getcap /usr/bin/dumpcap), so every member of the wireshark group can capture all traffic the machine sees; treat membership as a privilege rather than a convenience.
