Back to course

Wireshark I: Introduction to Packet Sniffing (Tool)

Cyber Security Mastery: From Zero to Hero

The Power of Visibility: Wireshark

Wireshark is the world's most popular network protocol analyzer. It allows you to see exactly what data is traveling across a network cable or airwave, layer by layer.

What is Packet Sniffing?

Packet sniffing (or packet analysis) is the process of capturing raw network data (packets) traveling across a network medium. This is essential for:

  • Troubleshooting network issues.
  • Analyzing malware traffic.
  • Detecting unencrypted credentials or sensitive data.

Wireshark Basics

  1. Interface Selection: You must select the network interface you want to monitor (e.g., eth0 for wired, wlan0 for wireless).
  2. Capture: Wireshark captures all packets passing through that interface.
  3. Display: It organizes the data into three panes: Packet List, Packet Details, and Hex Dump.

Crucial Requirement: To sniff traffic not directly addressed to your machine (e.g., traffic between two other hosts on the network), your network card must be in Promiscuous Mode (or you must be using specialized techniques like ARP poisoning).