Using Wireshark filter ip address and port in Kali Linux

Using Wireshark filter ip address and port inside network

Hello friends, I am glad you are here reading my post on using the Wireshark filter for IP address and port. In this post I will cover sniffing, Wireshark and its features, and capturing data with Wireshark filters on IP address and port. First, let's discuss the scenario.

Scenario:

Suppose your PC is inside a network, or you are using Wi-Fi on your laptop, mobile or other devices. When you open a site and enter your login credentials, the username and password are transmitted over the network; the same happens when you enter credit card information. If someone, call them a hacker, can capture these credentials, imagine what could happen. This is possible by sniffing; let's see how!

What is Sniffing?

Sniffing is the process of monitoring and capturing the data travelling over a network. It is commonly used by network administrators and security auditors to find issues in the network and malicious activity inside it. Some bad guys, called hackers, use the same process to capture important credentials like usernames, passwords and credit card information; once the information is captured, they can gain access without any problem. All of this is done with network sniffer tools like Wireshark, tcpdump, etc.

Definition of Wireshark:

Wireshark is a network packet analyzer. A network packet analyzer captures network packets and tries to display the packet data in as much detail as possible.

You could think of a network packet analyser as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course).

Wireshark is perhaps one of the best open source packet analysers available today.

Some intended purposes of Wireshark

Here are some examples people use Wireshark for:

  • Network administrators use it to troubleshoot network problems
  • Network security engineers use it to examine security problems
  • Developers use it to debug protocol implementations
  • People use it to learn network protocol internals

Using wireshark Features

The following are some of the many features Wireshark provides:

  • Available for UNIX and Windows.
  • Capture live packet data from a network interface.
  • Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
  • Import packets from text files containing hex dumps of packet data.
  • Display packets with very detailed protocol information.
  • Save packet data captured.
  • Export some or all packets in a number of capture file formats.
  • Filter packets on many criteria.
  • Search for packets on many criteria.
  • Colorize packet display based on filters.
  • Create various statistics.

Open Wireshark in Kali Linux: In Kali Linux, Wireshark is found under Applications > Kali Linux > Top 10 Security Tools > Wireshark, or type the following command in a terminal and press Enter:

$ wireshark &

Capturing data in Wireshark:

After starting Wireshark you will see the list of available interfaces, such as eth0 or the wireless interface. Select an interface and click Start to begin capturing. As soon as you click Start, packets start to appear in real time. Wireshark captures every packet sent to or from your system. If you are capturing on a wireless interface and have enabled promiscuous mode, you will also be able to see other systems' packets on the network.

Stop the capturing: To stop capturing, click the red cross sign over the interface.

Save captured data: To analyze the traffic later you need to save the captured data to a file. Go to File > Save, choose the location and file name, then click Save. By default the file is saved in .pcapng format in Wireshark version 1.10.2.

Open saved file: To open a saved file, go to File > Open or press the Ctrl+O shortcut, browse to the saved file and open it.

The expressions below are display filters, typed into the filter toolbar above the packet list. Capture filters, set in the capture options dialog, use a different BPF-style syntax (for example, host 192.168.1.3 for a single address), which is covered on the CaptureFilters wiki page linked further down.

Show only incoming and outgoing traffic for a particular IP address, 192.168.1.3:

  • ip.addr == 192.168.1.3

Show traffic to or from a range of IP addresses:

  • ip.addr == 192.168.1.0/24

Show traffic from a range of IP addresses:

  • ip.src == 192.168.1.0/24

Show traffic to a range of IP addresses:

  • ip.dst == 192.168.1.0/24

Capture only DNS (port 53) traffic:

  • dns

Capture only Ethernet type EAPOL:

  • eapol

DNS traffic, but not to a particular destination IP address:

  • (dns) && !(ip.dst == 192.168.1.4)

DNS traffic to a particular destination IP address:

  • (dns) && (ip.dst == 192.168.1.4)

Many more filters are available; see the Wireshark wiki and user guide for details:

https://wiki.wireshark.org/CaptureFilters

https://www.wireshark.org/docs/wsug_html_chunked/ChapterCapture.html
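To make the semantics of the filters above concrete, here is an added Python model (not Wireshark's own filter engine and not code from the original post) that applies the same expressions to a constructed sample capture. It shows that ip.addr matches either endpoint while ip.src and ip.dst match only one side, and that a CIDR range works the same way as a single address; the 'dns' filter is approximated as port 53 on either side, which is an assumption of this model.

```python
# Added example: a pure-Python model of the display filters above, run over a
# constructed sample capture. Not Wireshark code; the Packet records are made up.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address
    sport: int  # source port
    dport: int  # destination port

def in_net(addr: str, target: str) -> bool:
    # target may be a single address (192.168.1.3) or a CIDR block (192.168.1.0/24)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(target, strict=False)

def ip_addr(p: Packet, target: str) -> bool:
    return in_net(p.src, target) or in_net(p.dst, target)  # ip.addr: either endpoint
def ip_src(p: Packet, target: str) -> bool:
    return in_net(p.src, target)  # ip.src: traffic from the address/range only
def ip_dst(p: Packet, target: str) -> bool:
    return in_net(p.dst, target)  # ip.dst: traffic to the address/range only
def dns(p: Packet) -> bool:
    return 53 in (p.sport, p.dport)  # approximation of the 'dns' protocol filter

# Constructed sample capture (no real traffic): hosts .3 and .4 on 192.168.1.0/24.
PACKETS = [
    Packet("192.168.1.3", "192.168.1.1", 51000, 53),    # 0 DNS query to local resolver
    Packet("192.168.1.1", "192.168.1.3", 53, 51000),    # 1 DNS reply to .3
    Packet("192.168.1.4", "8.8.8.8", 51001, 53),        # 2 DNS query to external resolver
    Packet("8.8.8.8", "192.168.1.4", 53, 51001),        # 3 DNS reply to .4
    Packet("192.168.1.3", "93.184.216.34", 51002, 80),  # 4 HTTP from .3
    Packet("10.0.0.5", "192.168.1.3", 40000, 22),       # 5 SSH to .3 from another subnet
    Packet("10.0.0.5", "8.8.8.8", 40001, 53),           # 6 DNS with no 192.168.1.x endpoint
]

# Each key is one of the display filter expressions from this post.
FILTERS = {
    "ip.addr == 192.168.1.3": lambda p: ip_addr(p, "192.168.1.3"),
    "ip.addr == 192.168.1.0/24": lambda p: ip_addr(p, "192.168.1.0/24"),
    "ip.src == 192.168.1.0/24": lambda p: ip_src(p, "192.168.1.0/24"),
    "ip.dst == 192.168.1.0/24": lambda p: ip_dst(p, "192.168.1.0/24"),
    "dns": dns,
    "dns && !(ip.dst == 192.168.1.4)": lambda p: dns(p) and not ip_dst(p, "192.168.1.4"),
    "dns && ip.dst == 192.168.1.4": lambda p: dns(p) and ip_dst(p, "192.168.1.4"),
}

def apply_filter(expr: str, packets=PACKETS) -> list:
    """Indices of the packets a filter keeps, i.e. what the packet list would show."""
    return [i for i, p in enumerate(packets) if FILTERS[expr](p)]
```

Calling apply_filter("ip.addr == 192.168.1.3") keeps packets 0, 1, 4 and 5 (both directions), whereas "ip.dst == 192.168.1.0/24" keeps only the packets whose destination lies in the subnet.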


Analyze a single packet: Double-click on a packet and a new window will open; in this window you will find all the information related to that packet.
