Wireshark is a free application that allows you to capture and view the data traveling back and forth on your network, providing the ability to drill down and read the contents of each packet – filtered to meet your specific needs. It is commonly utilized to troubleshoot network problems as well as to develop and test software. This open-source protocol analyzer is widely accepted as the industry standard, winning its fair share of awards over the years.
Originally known as Ethereal, Wireshark features a user-friendly interface that can display data from hundreds of different protocols on all major network types.
WinPcap : Windows Packet Capturing Manager
USBPcap : USB extension for saving .cap files to USB drives.
Download : https://www.wireshark.org/download.html
Packet List :
Time: The timestamp of when the packet was captured is displayed in this column.
Source: This column contains the address (IP or other) where the packet originated.
Destination: This column contains the address that the packet is being sent to.
Protocol: The packet’s protocol name (e.g., TCP) can be found in this column.
Length: The packet length, in bytes, is displayed in this column.
Info: Additional details about the packet are presented here. The contents of this column can vary greatly depending on packet contents.
Filtering on the basis of IP
ip.addr == IPADDRESS
For filtering a particular “source”
1. ip.src == 192.168.43.43
For filtering a particular “protocol”
Using multiple filters
3. dns && ip.src == 192.168.43.1
Filtering a particular destination
4. ip.dst == 192.168.43.43
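Filtering multiple sources (both conditions must be true; a packet with one IP header has only one source address, so this matches only packets that carry more than one IP header, such as tunnelled traffic)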
5. ip.src == 192.168.43.43 && ip.src == 192.168.43.1
Filtering multiple sources (either condition may be true)
6. ip.src == 192.168.43.43 || ip.src == 192.168.43.1
This address as either source or destination
7. ip.addr == 192.168.43.43
Not condition (don't want to view this source)
8. !(ip.src == 192.168.43.43)
Multiple filters; both must be true because they are joined with &&
9. ip.src == 192.168.43.43 && !(ip.dst == 192.168.43.1)
For filtering packets on the basis of the data they contain
10. tcp contains "demo.testfire.net"
For filtering packets that contain a password
11. http.request.method == "POST"
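To see which packets each of the filters above would display, the following added example (not part of the original page and not Wireshark's own filter engine) evaluates the same filter strings against four constructed packets, using a small parser that covers only the operators used on this page. The names PACKETS, matches and select, the address 203.0.113.10 and the /login path are assumptions made for the illustration.

```python
import re

# Constructed sample packets (not from a real capture). "layers" lists the
# protocols present; "payload" stands in for the bytes that `contains` searches.
PACKETS = [
    {"layers": ["ip", "udp", "dns"], "ip.src": "192.168.43.43", "ip.dst": "192.168.43.1", "payload": ""},
    {"layers": ["ip", "udp", "dns"], "ip.src": "192.168.43.1", "ip.dst": "192.168.43.43", "payload": ""},
    {"layers": ["ip", "tcp", "http"], "ip.src": "192.168.43.43", "ip.dst": "203.0.113.10",
     "http.request.method": "POST", "payload": "POST /login HTTP/1.1\r\nHost: demo.testfire.net\r\n"},
    {"layers": ["ip", "tcp"], "ip.src": "192.168.43.7", "ip.dst": "192.168.43.1", "payload": ""},
]

def matches(filt, pkt):
    """Evaluate a small subset of display-filter syntax against one packet dict."""
    toks = re.findall(r'"[^"]*"|&&|\|\||==|[()!]|[\w.]+', filt) + [None]
    take = lambda: toks.pop(0)
    def test():
        name = take()
        if toks[0] in ("==", "contains"):
            op, val = take(), take().strip('"')
            if op == "==":  # ip.addr is multi-valued: source and destination
                vals = [pkt["ip.src"], pkt["ip.dst"]] if name == "ip.addr" else [pkt.get(name)]
                return val in vals
            return name in pkt["layers"] and val in pkt["payload"]
        return name in pkt["layers"]  # bare protocol name such as dns
    def unary():
        if toks[0] == "!":
            take()
            return not unary()
        if toks[0] == "(":
            take()
            result = expr()
            take()  # closing parenthesis
            return result
        return test()
    def binary(op, operand):
        result = operand()
        while toks[0] == op:
            take()
            nxt = operand()  # always parse the right side so its tokens are consumed
            result = (result and nxt) if op == "&&" else (result or nxt)
        return result
    def expr():  # || binds more loosely than &&
        return binary("||", lambda: binary("&&", unary))
    return expr()

def select(filt):
    """Indexes of the constructed PACKETS that the filter would display."""
    return [i for i, pkt in enumerate(PACKETS) if matches(filt, pkt)]
```

Calling select() with filter 5 returns an empty list, while filter 6 returns the three packets sent by either host.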