Book Image

Mastering Wireshark 2

By : Andrew Crouthamel
Book Image

Mastering Wireshark 2

By: Andrew Crouthamel

Overview of this book

Wireshark, a combination of a Linux distro (Kali) and an open source security framework (Metasploit), is a popular and powerful tool. Wireshark is mainly used to analyze the bits and bytes that flow through a network. It efficiently deals with the second to the seventh layer of network protocols, and the analysis made is presented in a form that can be easily read by people. Mastering Wireshark 2 helps you gain expertise in securing your network. We start with installing and setting up Wireshark2.0, and then explore its interface in order to understand all of its functionalities. As you progress through the chapters, you will discover different ways to create, use, capture, and display filters. By halfway through the book, you will have mastered Wireshark features, analyzed different layers of the network protocol, and searched for anomalies. You’ll learn about plugins and APIs in depth. Finally, the book focuses on pocket analysis for security tasks, command-line utilities, and tools that manage trace files. By the end of the book, you'll have learned how to use Wireshark for network security analysis and configured it for troubleshooting purposes.
Table of Contents (18 chapters)
Title Page
Copyright and Credits
Packt Upsell
Free Chapter
Installing Wireshark 2

Running tcpdump

In this section, we'll take a look at how to run tcpdump on a Linux system to capture traffic.

If you have a Linux- or a Unix-based system (BSD; whatever it might be) that does not have Wireshark installed and you do not have the option of installing Wireshark, or if you have a system where you don't really want to spend the time to install Wireshark and you just want to do a quick capture, you can do so on almost all of them with tcpdump. This is a very common utility that's installed on almost every single NIC-based system out there.

What we have is a newer version of Ubuntu, and I've opened up the Terminal window, and all you have to do is run tcpdump. It's within the system variable path, so you don't have to go browse for it like we had to for the others on Windows, and I'll run it with --help. We can see that tcpdump has displayed its help contents and it shows us what arguments are available for it to receive:


If you want to learn more about tcpdump within the Terminal...