In the preceding screenshot, we have entered a simple filter to single out HTTP protocol conversations. Wireshark's filtering facilities are highly advanced and can be tweaked to locate the needle in any network haystack. We have selected a PNG image data packet that was sent from Wikipedia to 192.168.1.7, and we can right-click on the Portable Network Graphics layer and select Export Selected Packet Bytes to save that image to our desktop. Another nice feature is Follow TCP Stream, which allows us to follow along in the conversation between the web server and web browser.
Running Wireshark in Windows
Let's get Wireshark up and running by following these steps:
1. latest stable Windows Installer for your version of Windows (Wireshark-winXX-1.12.2 at the time of writing).
2. Run the installer to install Wireshark. Note that installing the WinPcap component is optional and is only needed if you plan to sniff on the Windows machine itself.
3. Start a command prompt from the Start menu by clicking on the shortcut or by typing cmd in the Run/Search field.
Now type in the following command to open up the mycapture.pcap packet log from the previous Ettercap example over the network via SSH:
C:\> "C:\Program Files (x86)\PuTTY\plink" pi@[IP address] -pw [password] cat ~/mycapture.pcap | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
Note that it's generally a bad idea to try to read this file live while Ettercap is running.
The same method can be used to read packet dumps from Kismet:
C:\> "C:\Program Files (x86)\PuTTY\plink" pi@[IP address] -pw [password] cat ~/kismetlogs/Kismet-XXXX.pcapdump | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
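The same stream-to-stdin trick works from a Unix-like host with ssh in place of plink. The script below is an added example, not the book's own code: it checks the first four bytes of the remote file for a pcap or pcapng magic number before piping it into wireshark -k -i -, so a wrong or empty Kismet log is caught before the window opens. The function names and the pi@192.168.1.7 host are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the book): verify a capture file's magic number,
# then stream it from the Pi to the local Wireshark over ssh.
# Assumes ssh is installed; helper names below are ours, not Wireshark's.

# Classify a local file by its first four bytes (the libpcap/pcapng magic).
# Prints one of: pcap, pcap-ns, pcapng, unknown.
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;     # classic pcap, microsecond stamps, either byte order
        4d3cb2a1|a1b23c4d) echo pcap-ns ;;  # pcap with nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;   # pcapng Section Header Block
        *)                 echo unknown ;;  # truncated, empty or not a capture
    esac
}

# Stream a capture from the Pi to the local Wireshark, as the book's plink
# pipeline does on Windows. Only the first four bytes are fetched for the
# check, so a large capture is not transferred twice.
# Usage: stream_capture pi@192.168.1.7 ~/mycapture.pcap
stream_capture() {
    host=$1; path=$2            # path is left unquoted remotely so ~ expands there
    tmp=$(mktemp) || return 1
    ssh "$host" "head -c4 $path" > "$tmp"
    kind=$(pcap_kind "$tmp"); rm -f "$tmp"
    if [ "$kind" = unknown ]; then
        echo "refusing to stream $path: not a pcap/pcapng file" >&2
        return 1
    fi
    # -k starts capturing immediately, -i - reads the packets from stdin
    ssh "$host" "cat $path" | wireshark -k -i -
}
```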
Running Wireshark in Mac OS X
Let's get Wireshark up and running with the help of these steps:
1. Wireshark on the Mac requires an X11 environment to be installed. If you're
download and install the latest version of XQuartz.