Wireshark 101: How to Wireshark, Haktip 115

  • Published 17 Sep 2014
  • Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
    ____________________________________________
    On this HakTip, Shannon Morse breaks out Wireshark for a beginning look at the packet sniffing tool.
    Today we're starting a short series on Wireshark! Hopefully, by the end of this series, you'll understand most of the basics of Wireshark and be able to solve many problems.
    If you're thinking "Hey Hak5, you've done this already!", you're right! Kind of. We have used Wireshark in the past for several segments, and I did a short intro video back on episode 64 of HakTip, but now we'll really delve into it.
    First off, a little bit of review: Wireshark is a network analyzer for Windows, Mac and Linux, a tool used to inspect data passing through a network interface, be it your Ethernet LAN or a wireless radio. The units of data it captures are frames, which carry packets. Wireshark can capture every frame that is sent and received over your network interface and decode it for analysis.
    These packets carry whatever the applications on your network send, from the web pages you browse to the credentials you type into a login form, and they are readable in the capture whenever the application sends them unencrypted. Wireshark captures anything that crosses the interface, TCP/IP or not, and decodes it as far as it has a dissector for the protocol. Wireshark is available to download for free at Wireshark.org.
    For this series, I will be using Wireshark on my Windows 8 laptop - an Acer Aspire S7. It runs pretty much the same on all other operating systems. On today's episode, we'll start looking at the graphical user interface and introduce you to what the heck a packet capture is!
    Firstly, when you open Wireshark, there are a couple of toolbars at the top, an area called Filter, and a few boxes below in the main window. Online links you directly to Wireshark's site, a super handy user guide, and information on the security of Wireshark. Under Files, you'll find Open, which lets you open previously saved captures, and Sample Captures. You can download any of the sample captures from that webpage and study the data. This will help you understand what kind of packets Wireshark can capture.
    Lastly is the Capture section. This lets you choose your interface. If I click on mine, you can see each of the interfaces available for me to sniff on. It also shows you which ones are active: mine is on Wi-Fi, so that one is most active. Clicking Details shows some fairly generic information about that interface.
    Under Start, you can choose one or more interfaces to capture on. Capture Options lets you customize what is recorded during a capture. Take a look at your Capture Options: under here you can choose a capture filter (applied while the packets are being captured, unlike the display Filter bar above the packet list, which only hides packets you have already captured), a capture file to write to, and more.
    Under Capture Help, you can read up on how to capture, and Network Media tells you which interfaces work on which platforms.
    Let's go ahead and run our first packet capture. I chose Wi-Fi and clicked Start. One thing to check if your interface list is empty: capturing needs a capture driver and permission to open the interface. On Windows the driver (WinPcap at the time, Npcap on current versions) is installed along with Wireshark; on Linux you need to be root or a member of the wireshark group that the package installer offers to set up.
    You'll see a bunch of weird stuff flying through your Wireshark window. During my capture, I browsed the web a bit and logged on to a few sites. To stop a capture, press the red square in the top toolbar. If you want to start a new capture, hit the green shark fin next to it. Now that I've got a finished capture, I can click File and save, open, or merge the capture. I can print it, I can quit the program, and I can export my packet capture in a variety of ways.
    Under Edit, I can find a certain packet with the search options, copy packets, and mark (highlight) a specific packet or all of them. Another interesting thing you can do under Edit is reset the time value. You'll notice that the Time column counts seconds since the start of the capture, incrementing with each packet. With Set Time Reference, you can make it count from the packet you've clicked on instead, which makes it easy to read how long something took relative to the packet you care about. I can also add a comment to a packet, and configure profiles and preferences.
    Now, I'm giving you homework! Install Wireshark and run your first capture. It doesn't matter which interface you use, just pick one that you're connected to. Then look through your packet capture and see if you can distinguish between all the different types of packets that appear; the Protocol column is the place to start.
    Let me know what you think. Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.
    ____________________________________________
    Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
  • Science & Technology
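As an added example, not from the episode or from Hak5, here is a small Python script that does on a saved capture file what the homework asks you to do by eye in the GUI. Using only the standard library, it reads a classic pcap file, labels each frame the way Wireshark's Protocol column would (ARP, UDP/DNS, TCP/TLS, and so on), computes timestamps relative to a chosen frame as Edit > Set Time Reference does, and flags the situation Mike Whitenton describes in the comments below, where two MAC addresses claim the same IP in ARP, which Wireshark reports as "duplicate IP address detected". The capture it runs on is constructed inline from hypothetical hosts (the MAC addresses, the 192.168.1.0/24 LAN and the 203.0.113.5 server are made up for the example); to run it on a real capture, pass read_pcap the bytes of a file Wireshark saved in pcap format. It does not parse pcapng, which newer Wireshark versions save by default.

```python
import struct
from collections import Counter, defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # magic as written by a little-endian host
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # the same magic read from a big-endian file
LINKTYPE_ETHERNET = 1
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}
PORTS = {53: "DNS", 80: "HTTP", 443: "TLS"}  # a few well-known ports; Wireshark knows far more

def read_pcap(data):
    """Yield (timestamp, frame) for every record of a classic pcap (not pcapng)."""
    magic = struct.unpack("<I", data[:4])[0]
    end = {PCAP_MAGIC: "<", PCAP_MAGIC_SWAPPED: ">"}.get(magic)
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):  # per-record header: sec, usec, captured len, original len
        sec, usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1_000_000, data[off:off + incl_len]
        off += incl_len

def classify(frame):
    """Label one Ethernet frame the way Wireshark's Protocol column would."""
    if len(frame) < 14:
        return "Malformed"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    label = ETHERTYPES.get(ethertype, f"0x{ethertype:04x}")
    if label != "IPv4":
        return label
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length, including any options
    proto = IP_PROTOS.get(ip[9], f"proto{ip[9]}")
    if proto in ("TCP", "UDP") and len(ip) >= ihl + 4:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        app = PORTS.get(dport) or PORTS.get(sport)
        if app:
            return f"{proto}/{app}"
    return proto

def arp_duplicate_ips(frames):
    """IPs claimed by more than one sender MAC in ARP: the condition behind Wireshark's
    'duplicate IP address detected' expert info (ARP spoofing of a gateway looks like this)."""
    claims = defaultdict(set)
    for frame in frames:
        if len(frame) >= 42 and frame[12:14] == b"\x08\x06":
            arp = frame[14:42]  # sender MAC at bytes 8..13, sender IP at 14..17
            claims[".".join(map(str, arp[14:18]))].add(arp[8:14].hex(":"))
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}

def summarize(pcap_bytes, time_reference=0):
    """Return (protocol counts, [(relative time, label), ...]); times are measured
    from frame number `time_reference`, like Edit > Set Time Reference in the GUI."""
    records = list(read_pcap(pcap_bytes))
    t0 = records[time_reference][0]
    rows = [(round(ts - t0, 6), classify(frame)) for ts, frame in records]
    return Counter(label for _, label in rows), rows

def build_pcap(frames):
    """Serialize (timestamp, frame) pairs into a little-endian classic pcap."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

# --- constructed sample capture: hypothetical hosts, RFC 1918 / RFC 5737 addresses ---
def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(x) for x in s.split("."))
def _eth(dst, src, ethertype, payload):
    return _mac(dst) + _mac(src) + struct.pack("!H", ethertype) + payload
def _ipv4(src, dst, proto, payload):  # checksum left as 0; this parser never checks it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, _ip(src), _ip(dst)) + payload
def _tcp_syn(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
def _arp(op, smac, sip, tmac, tip):  # op 1 = request, 2 = reply
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       _mac(smac), _ip(sip), _mac(tmac), _ip(tip))

HOST, GW, ROGUE = "aa:aa:aa:aa:aa:01", "cc:cc:cc:cc:cc:03", "bb:bb:bb:bb:bb:02"
BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
SAMPLE_FRAMES = [
    (0.000000, _eth(BCAST, HOST, 0x0806, _arp(1, HOST, "192.168.1.10", ZERO, "192.168.1.1"))),
    (0.000412, _eth(HOST, GW, 0x0806, _arp(2, GW, "192.168.1.1", HOST, "192.168.1.10"))),
    (0.100000, _eth(GW, HOST, 0x0800, _ipv4("192.168.1.10", "192.168.1.1", 17, _udp(51234, 53, b"\x00" * 12)))),
    (0.250000, _eth(GW, HOST, 0x0800, _ipv4("192.168.1.10", "203.0.113.5", 6, _tcp_syn(51000, 443)))),
    (0.260000, _eth(GW, HOST, 0x0800, _ipv4("192.168.1.10", "203.0.113.5", 6, _tcp_syn(51001, 80)))),
    (1.500000, _eth(HOST, ROGUE, 0x0806, _arp(2, ROGUE, "192.168.1.1", HOST, "192.168.1.10"))),  # gateway spoofed
    (1.600000, _eth(BCAST, HOST, 0x86DD, b"\x60" + b"\x00" * 39)),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)
```

Calling summarize(SAMPLE_PCAP, time_reference=2) makes the DNS query frame 0.000000 and shows the earlier ARP frames with negative times, exactly what the GUI does after Set Time Reference; arp_duplicate_ips(f for _, f in read_pcap(SAMPLE_PCAP)) returns 192.168.1.1 with both the real gateway's MAC and the rogue one, the same evidence Wireshark's expert info would highlight in a capture of the attack described in the comments.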

Comments • 74

  • @ThomasJScharmann 9 years ago +7

    Thank-you for this series. Very well done. A great primer.

  • @TrolleoMcTroll 9 years ago +4

    Finally a Wireshark video!! Been waiting a long time for them to get on this

  • @DQFozz 9 years ago +1

    I've used Wireshark for years (actually from way back when it was Ethereal) but thanks for the video. It has highlighted some newer features I was not aware of.

  • @joedarvish70 9 years ago +4

    Hi Shana, By far you are the best trainer. Great attitude and refreshing. Many thanks

  • @jokerr2230 6 years ago +2

    yeah!! great learning, thank you sis.

  • @sameerkumar2692 4 years ago

    Beautiful teacher ❣️

  • @bhaveekdesai 9 years ago +1

    Awesome stuff guys!
    Please do a series on ettercap

  • @itsallabouttech562 4 years ago +1

    Another cool video. Thank you. Really enjoyed it

  • @WhitentonMike 9 years ago +16

    I have a capture of a WAP that was being attacked. The attacker spoofed an authorized MAC and duplicated every IP on the network thus disrupting the LAN. I isolated the WAP from the LAN and connected it to a laptop running Wireshark so I could determine what was going on with the WAP. Replaced the WAP with a newer one that can detect and block such attacks. Without Wireshark I would not have known for certain if it was an attack or a malfunctioning WAP.

    • @ShannonMorse 9 years ago +4

      Brilliant! That's a great use-case scenario.

    • @WhitentonMike 9 years ago +3

      Shannon Morse Thanks, but it was you and Darren doing things with Wireshark that gave me the idea. A bit of Googling on how to identify threats in Wireshark and I was armed. So, truth be told, I should be thanking you. You made me look like a Genius to my customer. Thank you. Thank you. Thank you.

    • @ShannonMorse 9 years ago +8

      Mike Whitenton awww, no, thank you for supporting us by watching the show. Seriously, it keeps us in business! :)

  • @iandsonmendes5989 7 years ago +3

    I like to watch your videos because I LIKE TO SEE YOU !!!

  • @RedStallion2000 5 years ago +1

    Good video! I even learned (at 7:00 in the video) that Jared Leto allegedly has an allegedly enormous "thing" :P

  • @henkroth 7 years ago +2

    more like this please

  • @rgbii2 9 years ago +1

    Love Wireshark, and have been using it for years. Long before it was called Wireshark (I think it was Ethereal or something like that).
    Good start to a nice series.

    • @ShannonMorse 9 years ago +1

      Yup, Ethereal, before the creator went off on his own and rebranded it back in... 2006?

  • @neerpatel4647 8 years ago

    Thank you :)

  • @goodmanEnt 8 years ago +18

    Could you put your Wireshark videos into a YouTube playlist, please?

    • @Humanoidable 6 years ago

      don't ask her to be organized

    • @kenjimiyazaki87 5 years ago +1

      @Humanoidable It's a logical question; he wants to watch them in order

    • @ddone1583 5 years ago

      Shane Goodman was

  • @JenBrannstrom 9 years ago

    Great show, Shannon.
    Is it possible to see where Ads in Skype are coming from? I see http requests appearing in WS, but there are many other types of packets that appear. How do I know which ones are related to the Skype Ads, to help me determine if I have adware or if this is genuinely being served by Skype?

    • @Azsiii 7 years ago

      I'm curious about this as well.

  • @JGunlimited 7 years ago +3

    Can anyone on the network with Wireshark installed capture the packets of everyone on the network? That's very very unnerving if that's the case...

    • @SudoTech 7 years ago +12

      Welcome to the Internet ;)

  • @greywolff9367 9 years ago

    You seem to have more options on what to capture than I do, is there a reason why?? I can capture Wi-Fi or local connections, can you tell me why?? Hoping for a reply..

    • @ShannonMorse 9 years ago

      Interfaces? I just have a lot of interfaces built into my laptop to use. So you might have very different hardware.

  • @Topfightvideos 9 years ago +1

    Good share, I wish I knew how you were shooting the video of your screen in the background whilst you're in the forefront, though. Pretty cool videos, keep it up.

    • @Topfightvideos 8 years ago

      I have no idea, would have to ask the show producer

    • @V3ryH1gh 8 years ago

      +Mark Robinson Essentially the technique is achieved with a green screen, typically; in post-production, "chroma key" is used in the editing software to isolate the green color specifically and thus replace that area with any desired effects (video, photo, etc.)

  • @seebeez 7 years ago +1

    Sis, I would like to get an intro to Armitage, BeEF and Metasploit, thanks

  • @vegansoffaith 9 years ago

    I got it to work, but how do you tell which ones are encrypted?

    • @SudoTech 7 years ago

      Well the idea behind encrypting your traffic is to prevent against this. You aren't able to read the contents of encrypted packets.

  • @SecurityTalent 3 years ago

    thanks

  • @user-zi8xn5sj4w 8 years ago

    good job ..

  • @BogusBozo 6 years ago +22

    She has the same outfit as iCarly lmao

    • @badboygangsta5318 5 years ago +2

      lol I couldn't help but google it, thanks for the useless information

    • @ethancbaker2002 7 months ago

      @badboygangsta5318 lol wtf

  • @Humanoidable 6 years ago

    Love you sis

  • @arcanelore168 6 years ago

    Is this skill useful for a software developer?

    • @anteronevarez-lira2280 6 years ago

      Although not necessary, knowing how to maneuver your way around a network analyzer such as Wireshark can prove quite useful when implementing software security

  • @wattsaving1 8 years ago

    Can this tool work on both 64- and 32-bit systems please?

  • @tahersadeghi6773 5 months ago

    Where are the files? Please slow down a bit.

  • @mestill6329 5 years ago

    --I just KNOW this means Something....!

  • @zz9whydoihavetoenterlastna291 4 years ago

    2014 and 1080p HD
    wow.....

  • @jgarrett9810 4 years ago +1

    Confused af!!!!!!!!!!

  • @NoxmilesDe 1 year ago

    Hello

  • @nictuniema1249 6 years ago

    Omg windows....

  • @-yagirlem5579 8 years ago +2

    Good job, you're telling people how to track people down....

    • @Azsiii 7 years ago +5

      no.

    • @Humanoidable 6 years ago

      exactly,no.

  • @mrMamaboy17 8 years ago

    "Hacks" on an Acer Laptop.....

    • @FnugzGaming 8 years ago +3

      you can "hack" on any laptop, it's not the computer, it's the OS or tools that matter

    • @glencarbon2533 8 years ago

      Mitnick used Toshiba

    • @Fiendel 7 years ago +5

      I fucking use a Raspberry Pi for pentesting, you can hack with a toaster if the correct tools are installed

  • @ambassadorofpain1 9 years ago

    What's with all the videos using Windows lately? Garbage.

    • @ShannonMorse 9 years ago +1

      TOTALLY. Thanks for the view. You're paying my rent. :)

    • @ambassadorofpain1 9 years ago

      Shannon Morse To clarify, I wasn't saying yourself or the show are garbage, just that Windows is. Hope that clears things up.

    • @ShannonMorse 9 years ago

      The Aftermath Ahh, thanks for the clarification. I agree, Windows does tend to be garbage sometimes. I've been using it lately because all the software I've been showing off just tends to work right in it. Also, my Linux laptop is very slow (an i3) so I like to use this one instead (an i5). Wireshark doesn't always play nice in VMs though, so I choose to just stay on the current OS. I can dual boot into a Linux OS, but Windows 8 UEFI doesn't play nice all the time with trying to boot off a thumb drive.

    • @Azsiii 7 years ago +1

      She said you could use whatever OS is supported. This isn't LinuxHak5, or "HaksAreOnlyUsefulOnLinuxOS5". Don't be such a fangirl about things.

    • @aquibjavedrollnumber1763 4 years ago

      Windows is perfect............................................,...............btw, I have a 93 GB update

  • @troller4jesus 9 years ago +3

    Wireshark is garbage. I can do more with Windows 7 command prompt and netsh

    • @troller4jesus 9 years ago +3

      *****
      FINE YOU WIN LEAVE ME ALONE

    • @DQFozz 9 years ago

      Wild statement. For starters, netsh doesn't run on other platforms. On linux you can hack USB comms too. Personally I've not looked at netsh for several years but because of your comments, I will and see how it stacks up.

    • @troller4jesus 9 years ago +1

      I am starting a series on Netsh if you're interested. Stay tuned

  • @yagami_72 7 years ago +3

    you can't wireshark
    you need to do all with cmd console
    git gud and use linux
    damn windows nubs

    • @xs10z 6 years ago

      0/10

    • @Humanoidable 6 years ago

      1/10 ( I kinda get it).

  • @ron4538 3 years ago

    I think I remember her from tekzilla.