Linux Format

Wireshark 4.0.2

Makes it easy to see the sensitive data travelling around your network.


Wireshark is a packet analyser with an easy-to-use GUI. It enables you to capture and analyse the data that travels around your network. You can use it to track down insecure software that has the potential to cause problems, and you can also use it to find out a bit more about the protocols that make a network and even the internet work. Best of all, it’s easy to get started.

Let’s start with a simple example. Load up Wireshark and select the network adaptor that you use for connection with the internet when prompted. If you open a web browser and browse to a website, you should see a flurry of packet data in the main Wireshark window. Presuming that test works and you can see some traffic, put icmp into the filter field. Open a terminal window and type ping google.com. You should now see the traffic from the ping tool in the main window. Click on the X icon in the filter bar to clear it.

Sometimes, it’s not clear what you need to put into the filter bar, and a good starting point when you’re first learning how to use Wireshark is to right-click on an individual entry in the main window (a packet) and use that (Apply As Filter > Selected). This automatically generates a filter based on that packet and places it in the filter bar.

FTP is a common protocol that is still very often used without any encryption. If you leave Wireshark running and type ftp into the filter bar, you (and anyone listening in on your network) will see the username and password transmitted in plain text when you use FTP.
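As an added example (not from the original article), this short Python audit walks FTP control-channel lines and reports every login whose password crossed the network unencrypted, with the password itself redacted. The input layout (client, server, command line) and the sample lines are constructed assumptions, not output from a real capture.

```python
import re

# Constructed sample: client-to-server lines from FTP control channels (TCP port 21),
# written as "client server command". Not taken from a real capture.
SAMPLE = """\
192.0.2.10 198.51.100.5 USER alice
192.0.2.10 198.51.100.5 PASS s3cret-example
192.0.2.11 198.51.100.5 USER anonymous
192.0.2.11 198.51.100.5 PASS guest@example.org
192.0.2.12 198.51.100.6 AUTH TLS
192.0.2.13 198.51.100.6 USER bob
192.0.2.13 198.51.100.6 SYST
"""

# client, server, FTP verb (3 or 4 letters), optional argument
COMMAND = re.compile(r"^(\S+)\s+(\S+)\s+([A-Za-z]{3,4})(?:\s+(.*))?$")

def audit_ftp_logins(text):
    """Return one finding per flow that sent a password in clear text."""
    pending_user = {}  # (client, server) -> username from the last USER command
    findings = []
    for raw in text.splitlines():
        m = COMMAND.match(raw.strip())
        if not m:
            continue
        client, server, verb, arg = m.groups()
        flow, verb = (client, server), verb.upper()
        if verb == "USER":
            pending_user[flow] = (arg or "").strip()
        elif verb == "PASS" and flow in pending_user:
            user = pending_user.pop(flow)
            # Anonymous logins carry no real secret, so rate them lower.
            anonymous = user.lower() in ("anonymous", "ftp")
            findings.append({
                "client": client, "server": server, "user": user,
                "severity": "info" if anonymous else "high",
                # Never copy the secret into the report; record only its length.
                "password": "<redacted, %d chars>" % len(arg or ""),
            })
    return findings

if __name__ == "__main__":
    for finding in audit_ftp_logins(SAMPLE):
        print(finding)
```

A flow that upgrades with AUTH TLS produces no finding, because the USER and PASS commands that follow are encrypted and never appear as readable lines.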

Bear in mind, in many cases, you can place the network adaptor into promiscuous mode and spy on traffic that is transmitted and received by other machines on the same network as yourself. Hopefully, most of the traffic moving to or from a modern Linux box is sent in encrypted form, but it’s frightening to think about the amount of unencrypted information that was being sent around a typical office network in the days before most websites switched to forcing an HTTPS connection at all times.

Fully understanding network protocols is complicated; at least there’s an easy-to-use interface.
