MODULE 11: Sniffing and Spoofing
Using Wireshark to filter by IP address and port inside a network
Hello friends, I am glad you are here and reading my post on using Wireshark IP address filters. In this post I will cover sniffing, Wireshark and its features, and capturing data with Wireshark filters on IP address and port. First, let's discuss a scenario.
Suppose your PC is inside a network, or you are using Wi-Fi on your laptop, mobile or other device. When you open any site and enter your login credentials, the username and password are transmitted over the network; the same happens when you enter credit card information. If an attacker can capture these credentials, imagine what could happen. That is possible by sniffing, so let's see how!
What is Sniffing?
Sniffing is the process of monitoring and capturing the data travelling over a network. It is commonly used by network administrators or security auditors to find issues and malicious activity inside the network. Some bad guys, called hackers, use it to capture important credentials like usernames, passwords and credit card information; once the information is captured, the hacker can gain access without any problem. All this is done with network sniffer tools like Wireshark, tcpdump, etc.
Definition of Wireshark:
Wireshark is a network packet analyzer. A network packet analyzer captures network packets and tries to display the packet data in as much detail as possible.
You could think of a network packet analyser as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course).
Wireshark is perhaps one of the best open source packet analysers available today.
Some intended purposes of Wireshark
Here are some examples people use Wireshark for:
- Network administrators use it to troubleshoot network problems
- Network security engineers use it to examine security problems
- Developers use it to debug protocol implementations
- People use it to learn network protocol internals
Wireshark features
The following are some of the many features Wireshark provides:
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
- Import packets from text files containing hex dumps of packet data.
- Display packets with very detailed protocol information.
- Save captured packet data.
- Export some or all packets in a number of capture file formats.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize the packet display based on filters.
- Create various statistics.
Open Wireshark in Kali Linux: In Kali Linux, Wireshark is found under Application > Kali Linux > Top 10 Security Tools > Wireshark, or type the following command in a terminal and press Enter
Capturing data in Wireshark:
After starting Wireshark you will see the list of available interfaces, such as eth0 or a wireless interface. Select the interface and click Start to begin capturing. As soon as you click Start, packets start to appear in real time. Wireshark captures each packet sent to or from your system. If you are capturing on a wireless interface and have enabled promiscuous mode, you will also be able to see other systems' packets on the network.
Stop capturing: To stop capturing, click the red cross sign above the interface.
Save captured data: To analyze the traffic later, you need to save the captured data to a file. Go to File > Save, choose the location and file name, then click Save. By default the file is saved in .pcapng format in Wireshark version 1.10.2.
Open a saved file: Go to File > Open or press the Ctrl+O shortcut, browse to the saved file and open it.
The filters below are display filters, typed into the filter bar above the packet list; they narrow what is shown, not what is captured. Capture only incoming and outgoing traffic for a particular IP address, 192.168.1.3:
- ip.addr == 192.168.1.3
Capture traffic to or from a range of IP addresses:
- ip.addr == 192.168.1.0/24
Capture traffic from a range of IP addresses:
- ip.src == 192.168.1.0/24
Capture traffic to a range of IP addresses:
- ip.dst == 192.168.1.0/24
Capture only DNS (port 53) traffic:
- dns
Capture only Ethernet type EAPOL:
- eapol
DNS but not a particular IP address:
- (dns) && !(ip.dst == 192.168.1.4)
DNS and a particular destination IP address:
- (dns) && (ip.dst == 192.168.1.4)
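As an added example that is not part of the original post, the following Python models how the display filters above are evaluated (ip.addr, ip.src and ip.dst against a host or a /24 range, bare protocol names such as dns and eapol, and (), !, &&, ||) over constructed packet summaries, so the matching rules can be checked without a live capture. The Packet layout, the SAMPLE traffic and the function names are my own assumptions, not part of Wireshark.

```python
import ipaddress, re
from collections import namedtuple

# src/dst are IPv4 strings (None when the frame has no IP layer, e.g. EAPOL);
# protos is the set of protocol layers present, e.g. {"eth", "ip", "udp", "dns"}.
Packet = namedtuple("Packet", "src dst protos")

TOKENS = re.compile(r"\(|\)|&&|\|\||!|==|[A-Za-z_.]+|[0-9./]+")

def field_eq(pkt, field, value):
    """ip.src/ip.dst test one side, ip.addr EITHER side; a /prefix value is a range (the /24 filters above)."""
    sides = {"ip.src": (pkt.src,), "ip.dst": (pkt.dst,), "ip.addr": (pkt.src, pkt.dst)}
    net = ipaddress.ip_network(value, strict=False)
    return any(a is not None and ipaddress.ip_address(a) in net for a in sides[field])

def matches(pkt, expr):
    """Recursive-descent evaluation; precedence low to high: ||, &&, !, ()."""
    toks = TOKENS.findall(expr)
    def p_or():
        v = p_and()
        while toks[:1] == ["||"]:
            toks.pop(0); r = p_and(); v = v or r    # parse both sides, no short-circuit
        return v
    def p_and():
        v = p_not()
        while toks[:1] == ["&&"]:
            toks.pop(0); r = p_not(); v = v and r
        return v
    def p_not():
        t = toks.pop(0)
        if t == "!": return not p_not()
        if t == "(":
            v = p_or()
            if toks.pop(0) != ")":
                raise ValueError("missing ')' in filter")
            return v
        if toks[:1] == ["=="]:
            toks.pop(0); return field_eq(pkt, t, toks.pop(0))
        return t in pkt.protos                      # bare protocol name: dns, eapol
    return bool(p_or())

SAMPLE = [  # constructed sample traffic standing in for a live capture
    Packet("192.168.1.3", "8.8.8.8", frozenset({"eth", "ip", "udp", "dns"})),
    Packet("192.168.1.7", "192.168.1.4", frozenset({"eth", "ip", "udp", "dns"})),
    Packet("10.0.0.5", "192.168.1.3", frozenset({"eth", "ip", "tcp", "http"})),
    Packet(None, None, frozenset({"eth", "eapol"})),
]

def apply_filter(expr, packets=SAMPLE):
    return [n for n, p in enumerate(packets) if matches(p, expr)]
```

Running apply_filter with each filter string from the list above returns the indexes of the SAMPLE packets that would remain in the packet list; note that ip.addr keeps a packet whichever direction the address appears in.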
Many more filters are available; visit for more details.
Analyze a single packet: Double-click on a packet and a new window will open in which you will find all the information related to that packet.