GGeneral

Wireshark Installation Guide: Step-by-Step for Beginners

  • 19/11/2023
0
Shares
0
0
0
0
0
0
0

Wireshark is an open-source packet analysis tool used for capturing, inspecting, and analyzing network traffic. Wireshark provides the ability to capture, examine, and analyze packets passing through a network. Its key features include:

  1. Packet Capture: Live capture and examination of packets passing through a network.
  2. Protocol Analysis: Support for various network protocols, enabling detailed analysis of packets.
  3. Graphical Interface: User-friendly graphical interface for packet analysis.
  4. Filtering: Monitoring desired traffic by filtering specific protocols, IP addresses, or ports.
  5. Deep Inspection: Detailed examination and analysis of packet contents.
  6. Color Coding: Visual differentiation of different packet types through color-coded representation.
  7. Statistics: Providing various statistics about network traffic.
  8. Wireshark Lua API: Adding custom analysis and filtering functions using the Lua programming language.

Wireshark is widely used for diagnosing network issues, detecting security vulnerabilities, or assessing network performance. It is favored by both beginners and experienced network professionals.

Installing Wireshark

For Windows Operating System:

  1. Visit the official Wireshark website: Wireshark Downloads.
  2. On the download page, select the stable version suitable for Windows.
  3. Run the downloaded file and follow the installation wizard.
  4. During the wizard, you may be prompted to install “WinPcap” and “USBPcap” drivers. Install these drivers as well.
  5. Once the installation is complete, Wireshark can be launched.

For macOS Operating System:

  1. Visit the official Wireshark website: Wireshark Downloads.
  2. Download the stable version suitable for macOS.
  3. Open the downloaded file and drag the Wireshark application into the “Applications” folder.
  4. Launch the Wireshark application from the “Applications” folder.

For Linux Operating System:

Debian/Ubuntu-Based Distributions (Using apt Package Management):
sudo apt update
sudo apt install wireshark
sudo usermod -aG wireshark $USER
Red Hat/Fedora/CentOS-Based Distributions (Using yum or dnf Package Management):
sudo yum install wireshark

or

sudo dnf install wireshark
For Other Linux Distributions:

Wireshark is available in the repositories of many Linux distributions. You can install Wireshark using the specific package management of your distribution.

After installation, launch Wireshark to start analyzing network traffic. Note: Typically, using Wireshark requires root or sudo privileges.

Wireshark Cheat Sheet for Linux:

  1. Install Wireshark: 
    sudo apt update
sudo apt install wireshark
sudo usermod -aG wireshark $USER
  2. Start Wireshark: 
    sudo wireshark
  3. Select Interface:
    • Choose the network interface for packet capture.
  4. Capture Packets:
    • Click on the “Start” button to begin capturing packets.
  5. Stop Capture:
    • Click on the “Stop” button to end the packet capture.
  6. Apply Display Filter:
    • Use display filters to focus on specific protocols, IP addresses, or ports.
  7. Follow TCP Stream:
    • Right-click on a TCP packet and select “Follow > TCP Stream” for detailed TCP conversation.
  8. Color Coding:
    • Wireshark uses colors to represent different packet types for visual identification.
  9. Statistics: 
    Statistics > Overview
  10. Export Packet Dissections:
    • Save packet details in different formats like CSV or plain text.
  11. Apply Coloring Rules:
    • Customize packet colors based on specific criteria.
  12. Graphs:
    • Generate graphical representations of statistics, such as packet rate or IO graph.
  13. VoIP Analysis:
    • Wireshark has features for analyzing Voice over IP (VoIP) traffic.
  14. Profile and Time Markers:
    • Create time markers to identify events in the packet capture.
  15. Save and Load Captures:
    • Save captured packets to a file for later analysis or share captures with others.
  16. Use Expert Information:
    • Leverage expert information to identify potential issues in the capture.
  17. Follow UDP Stream:
    • Similar to TCP, analyze UDP streams by right-clicking and selecting “Follow > UDP Stream.”
  18. Search Packets:
    • Use the display filter toolbar to search for specific packets.
  19. Set Preferences:
    • Customize Wireshark’s behavior through preferences.
  20. Reassemble TCP:
    • Reassemble TCP streams for a complete view of data transmission.
  21. Wireshark Lua Scripts:
    • Extend Wireshark’s functionality using Lua scripts.

This cheat sheet provides quick references for using Wireshark on Linux effectively. Customize commands based on your specific analysis needs.

0 Shares:
Share 0
Tweet 0
Share 0
Share 0
Share 0
Share 0
Share 0
Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

— Previous article

Getting Started with Tcpdump: Installation Guide and Basics

Next article —

A Developer's Guide to Git: Exploring the Foundations and Best Practices

You May Also Like
Read More
  • 3 minute read
GGeneral

Starting Prometheus and Basic Usage

  • 15/11/2023
Prometheus is an open-source system and service monitoring tool primarily used for collecting, storing, visualizing, and generating alerts…
Read More
  • 2 minute read
GGeneral

Key Features of K6

  • 14/11/2023
“K6 performance tool” refers to an open-source performance testing tool used to assess and measure the performance of…