Learning Networks with Linux: Standard GUI network sniffer “wireshark”

Audrey's Blog & Views
5 min read · May 25, 2024

Wireshark is analogous to tcpdump but comes with a graphical front end and integrated sorting and filtering options, and it has recently become a standard sniffer. If you have Kali Linux installed, you will find it under Applications: 09 Sniffing and Spoofing -> Wireshark. Otherwise, you can install it from the official repository with “sudo apt install wireshark”, after which you can either type “sudo wireshark” in the terminal or find and run it from the Applications section of your GUI desktop environment.

This post is a chapter of “Learning Networks with Linux” (see the full list).

Basic structure of wireshark

Once you start Wireshark, you can choose the interface to listen on: most likely wlan0 on your physical machine, or eth0 if you are running in a virtual machine (see the figure below). If you are not sure, choose the one with the highest activity level.

Figure taken from the book Network Basics For Hackers.
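
One way to check from a terminal which interface is busiest before picking it in Wireshark, as an added example that is not part of the original post: it samples the kernel's per-interface byte counters under /sys/class/net twice and ranks the interfaces by the difference. The function names and the 2-second default window are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: rank network interfaces by bytes moved in a short window.

# Print "<iface> <rx_bytes + tx_bytes>" for each interface except loopback.
# The ( ... ) body runs in a subshell, so the variables stay local.
snapshot() (
    dir=$1
    for path in "$dir"/*; do
        # Entries without counters (e.g. bonding_masters) are skipped.
        [ -r "$path/statistics/rx_bytes" ] || continue
        name=${path##*/}
        [ "$name" = "lo" ] && continue
        rx=$(cat "$path/statistics/rx_bytes")
        tx=$(cat "$path/statistics/tx_bytes")
        echo "$name $((rx + tx))"
    done
)

# Given two snapshots, print "<delta_bytes> <iface>", busiest first.
rank_by_delta() {
    { echo "$1"; echo "--"; echo "$2"; } | awk '
        $1 == "--" { second = 1; next }   # separator between the snapshots
        NF != 2    { next }               # ignore blank lines
        !second    { start[$1] = $2; next }
        ($1 in start) { printf "%.0f %s\n", $2 - start[$1], $1 }
    ' | sort -k1,1nr -k2,2
}

# Sample the counters twice, <interval> seconds apart, and rank the result.
busiest_interfaces() (
    dir=${1:-/sys/class/net}
    interval=${2:-2}
    before=$(snapshot "$dir")
    sleep "$interval"
    after=$(snapshot "$dir")
    rank_by_delta "$before" "$after"
)

busiest_interfaces "$@"
```

The interface on the first output line is the one that moved the most bytes during the window; an optional first argument overrides the sysfs directory and a second one sets the window in seconds.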

Then, the wireshark starts to capture packets from your network while at the same time packaging…
