Using Wireshark to filter by IP address and port inside a network
Hello friends, I am glad you are here and reading my post on using Wireshark to filter by IP address. In this post I cover sniffing, Wireshark and its features, and capturing and then filtering traffic by IP address and port. First, the scenario.
Scenario:
Your PC is inside the network, or you are using Wi-Fi on your laptop, mobile or other device. You open a site and enter your login credentials, a username and a password.
That username and password are transmitted over the network, and the same happens when you enter credit card details. If the site uses plain HTTP (or any other unencrypted protocol), anyone who can capture the traffic on the path can read those values; only when the connection is encrypted, for example with HTTPS, does a sniffer see ciphertext instead. If a hacker captures such credentials, imagine what happens next. This is possible by sniffing; let's see how!
What is Sniffing?
Sniffing is the process of monitoring and capturing the data travelling over a network. It is commonly used by network administrators and security auditors to find problems in the network and to spot malicious activity inside it. Bad guys, called hackers, use the same process to capture important credentials such as usernames, passwords and credit card details. Once the information is captured, the hacker can use it to gain access without any problem. All of this is done with network sniffer tools such as Wireshark and tcpdump.
Definition of Wireshark:
Wireshark is a network packet analyzer. A network packet analyzer captures network packets and displays the packet data in as much detail as possible.
You could think of a network packet analyzer as a measuring device used to examine what is going on inside a network cable, just as an electrician uses a voltmeter to examine what is going on inside an electric cable (but at a higher level, of course).
Wireshark is perhaps one of the best open source packet analyzers available today.
Some intended purposes of Wireshark
Here are some examples people use Wireshark for:
- Network administrators use it to troubleshoot network problems
- Network security engineers use it to examine security problems
- Developers use it to debug protocol implementations
- People use it to learn network protocol internals
Wireshark features
The following are some of the many features Wireshark provides:
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
- Import packets from text files containing hex dumps of packet data.
- Display packets with very detailed protocol information.
- Save captured packet data.
- Export some or all packets in a number of capture file formats.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize the packet display based on filters.
- Create various statistics.
- ...and a lot more! https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html
Open Wireshark in Kali Linux: In Kali Linux, Wireshark is found under Applications > Kali Linux > Top 10 Security Tools > Wireshark, or type the following command in a terminal and hit enter (it must run with enough privileges to open the capture interface, usually as root or as a member of the wireshark group):
$ wireshark &
or launch it from the graphical application menu.
Capturing data in Wireshark:
After starting Wireshark you will see the list of available interfaces, such as eth0 or the wireless interface. Select an interface and click Start to begin capturing. As soon as you click Start, packets appear in the list in real time. Wireshark captures every packet sent to or from your system. Promiscuous mode (on by default) makes the card accept frames that are not addressed to it, but on a switched Ethernet network other hosts' unicast traffic only reaches your port if you are on a mirror/SPAN port or otherwise in the path; on Wi-Fi, capturing other stations' frames requires monitor mode, and on an encrypted network those frames can only be decoded with the network key.
Stop the capture: To stop capturing, click the red stop (cross) button on the toolbar.
Save captured data: To analyze the traffic later you need to save the captured data to a file. Go to File > Save, choose the location and file name, then click Save. By default the file is saved in .pcapng format in Wireshark version 1.10.2.
Open a saved file: To open a saved file go to File > Open or press Ctrl+O, browse to the saved file and open it.
Filtering by IP address and port: The expressions below are display filters. Type one into the filter bar above the packet list and Wireshark shows only the packets that match; the capture itself is not reduced. To limit what is written to the capture in the first place, use a capture filter (BPF syntax, set in Capture > Options); the equivalent capture filter is given in brackets. Note that the fields must be written in full, for example ip.addr, not host or addr, or Wireshark will reject the filter.
Show only incoming and outgoing traffic for the host 192.168.1.3:
- ip.addr == 192.168.1.3 (capture filter: host 192.168.1.3)
Show traffic to or from a range of IP addresses:
- ip.addr == 192.168.1.0/24 (capture filter: net 192.168.1.0/24)
Show traffic from a range of IP addresses:
- ip.src == 192.168.1.0/24 (capture filter: src net 192.168.1.0/24)
Show traffic to a range of IP addresses:
- ip.dst == 192.168.1.0/24 (capture filter: dst net 192.168.1.0/24)
Show only traffic on a particular port, for example HTTP on TCP port 80:
- tcp.port == 80 (capture filter: tcp port 80)
Show only DNS (port 53) traffic:
- dns (or udp.port == 53; capture filter: port 53)
Show only EAPOL (802.1X) frames, Ethernet type 0x888e:
- eapol (capture filter: ether proto 0x888e)
DNS but not to a particular destination IP address:
- (dns) && !(ip.dst == 192.168.1.4)
DNS to a particular destination IP address:
- (dns) && (ip.dst == 192.168.1.4)
A caveat: ip.addr == X is true when either the source or the destination address matches, so to exclude a host write !(ip.addr == X) as above. In Wireshark versions before 3.6, ip.addr != X meant "either address differs from X", which matches almost every packet and silently does not exclude the host.
Many more filters are available; see the Wireshark documentation for details:
https://www.wireshark.org/docs/
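To make the matching rules concrete, here is an added example (not code from the original post or from the Wireshark project): a minimal Ethernet/IPv4 frame decoder plus Python versions of the display-filter predicates listed above, run over a handful of constructed frames so nothing needs to be captured. It also illustrates the Scenario section: a form login sent over plain HTTP gives up its username and password to whoever reads the frames. It uses only the standard library; the MAC and IP addresses, ports and form fields are invented for the example, and "dns" is approximated as UDP port 53 rather than Wireshark's full dissector heuristics.

```python
"""Added example: display-filter semantics over constructed sample frames."""
import ipaddress
import struct
from urllib.parse import parse_qs

ETH_P_IP, ETH_P_EAPOL = 0x0800, 0x888E
IPPROTO_TCP, IPPROTO_UDP = 6, 17
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # invented


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Ethernet + IPv4 + UDP/TCP frame with zeroed checksums (sample data, not a capture)."""
    if proto == IPPROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:  # TCP: seq/ack 1, data offset 5, flags PSH|ACK, window 8192
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    l4 += payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    return MAC_B + MAC_A + struct.pack("!H", ETH_P_IP) + ip_hdr + l4


def build_eapol_frame():
    """EAPOL-Start frame to the PAE group address, ethertype 0x888e."""
    return bytes.fromhex("0180c2000003") + MAC_A + struct.pack("!H", ETH_P_EAPOL) + b"\x02\x01\x00\x00"


def decode(frame):
    """Extract the fields the filters need, named like their Wireshark counterparts."""
    pkt = {"eth.type": struct.unpack("!H", frame[12:14])[0]}
    if pkt["eth.type"] != ETH_P_IP:
        return pkt
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    pkt["ip.src"], pkt["ip.dst"] = ipaddress.IPv4Address(ip[12:16]), ipaddress.IPv4Address(ip[16:20])
    l4 = ip[ihl:]
    name = "udp" if ip[9] == IPPROTO_UDP else "tcp"
    pkt[name + ".srcport"], pkt[name + ".dstport"] = struct.unpack("!HH", l4[:4])
    pkt["payload"] = l4[8 if name == "udp" else (l4[12] >> 4) * 4:]
    return pkt


# --- display-filter predicates ---------------------------------------------
def ip_addr(pkt, cidr):
    """ip.addr == cidr: true when the source OR the destination lies in cidr."""
    net = ipaddress.ip_network(cidr, strict=False)
    return "ip.src" in pkt and (pkt["ip.src"] in net or pkt["ip.dst"] in net)


def ip_src(pkt, cidr):
    """ip.src == cidr"""
    return "ip.src" in pkt and pkt["ip.src"] in ipaddress.ip_network(cidr, strict=False)


def ip_dst(pkt, cidr):
    """ip.dst == cidr"""
    return "ip.dst" in pkt and pkt["ip.dst"] in ipaddress.ip_network(cidr, strict=False)


def port(pkt, proto, number):
    """udp.port == N / tcp.port == N: either port of the named transport matches."""
    return number in (pkt.get(proto + ".srcport"), pkt.get(proto + ".dstport"))


def is_dns(pkt):  # the page's 'dns' filter, approximated as UDP port 53
    return port(pkt, "udp", 53)


def is_eapol(pkt):  # the page's 'eapol' filter
    return pkt["eth.type"] == ETH_P_EAPOL


def ip_addr_any_ne(pkt, cidr):
    """How Wireshark before 3.6 read 'ip.addr != X': true if EITHER address differs,
    so it barely excludes anything; '!(ip.addr == X)' is the safe form."""
    net = ipaddress.ip_network(cidr, strict=False)
    return "ip.src" in pkt and (pkt["ip.src"] not in net or pkt["ip.dst"] not in net)


def plaintext_credentials(pkts):
    """Pull form fields out of HTTP POST bodies seen on tcp.port 80 (the Scenario's risk)."""
    found = []
    for p in pkts:
        if port(p, "tcp", 80) and p["payload"].startswith(b"POST "):
            body = p["payload"].split(b"\r\n\r\n", 1)[1].decode()
            found.append({k: v[0] for k, v in parse_qs(body).items()})
    return found


# constructed sample traffic (addresses and credentials are invented)
LOGIN = b"POST /login HTTP/1.1\r\nHost: shop.example\r\n\r\nusername=alice&password=s3cret"
FRAMES = [
    build_frame("192.168.1.3", "192.168.1.1", IPPROTO_UDP, 51000, 53, b"\x12\x34"),  # 1: DNS query
    build_frame("192.168.1.1", "192.168.1.3", IPPROTO_UDP, 53, 51000, b"\x12\x34"),  # 2: DNS reply
    build_frame("192.168.1.3", "203.0.113.10", IPPROTO_TCP, 40000, 80, LOGIN),      # 3: HTTP login
    build_frame("198.51.100.7", "192.168.1.4", IPPROTO_UDP, 40001, 53),              # 4: DNS to .4
    build_eapol_frame(),                                                             # 5: EAPOL
]
PACKETS = [decode(f) for f in FRAMES]


def apply(predicate, *args):
    """Return the 1-based frame numbers a filter keeps, like Wireshark's 'No.' column."""
    return [i for i, p in enumerate(PACKETS, 1) if predicate(p, *args)]


if __name__ == "__main__":
    print("ip.addr == 192.168.1.3          ->", apply(ip_addr, "192.168.1.3"))
    print("dns && !(ip.dst == 192.168.1.4) ->",
          [i for i in apply(is_dns) if i not in apply(ip_dst, "192.168.1.4")])
    print("ip.addr != 192.168.1.4 (old)    ->", apply(ip_addr_any_ne, "192.168.1.4"))
    print("credentials:", plaintext_credentials(PACKETS))
```

Running it shows frame 4 surviving the old-style ip.addr != 192.168.1.4 filter even though 192.168.1.4 is its destination, while the bracketed negation drops it, and the HTTP POST in frame 3 yields the form fields in clear, which is exactly what a TLS-protected login would not.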
Analyze a single packet: Double-click a packet and a new window opens with all the information Wireshark decoded for that packet, layer by layer (Ethernet, IP, TCP/UDP and the application protocol).
Module 11: Sniffing and Spoofing