Jump to content

Need help using WireShark.


TN.Frank
 Share

Recommended Posts

Ok, just watched the latest HakTip where Sunbs is going over how to use WireShark and it's got me interested again so I've installed it into my Manjaro install and need to know how to set things up so I can use it.

There's no capture options coming up when I look for them. What do I need to do or add to be able to see my wifi in order to capture some packets? Thanks in advance for any help ya'll can give.

Link to comment
Share on other sites

I did not watch the episode. But I will try to provide a quick set of instructions.

once you have Wireshark up and running and you see data flowing, you can filter out specific traffic... http example

try clicking on a specific packet, the bottom window you will see IP address and other specific information that you can filter through,in this window it's like a drop down menu continue to drop down until you find a specific string that you would like to filter. right click on the IP address and apply as filter, you can also right click the port number and click OR AND NOT SELECT

using this right click method you can learn the filtering language. you could copy this string and paste into the command line with other applications

Link to comment
Share on other sites

I did not watch the episode. But I will try to provide a quick set of instructions.

once you have Wireshark up and running and you see data flowing, you can filter out specific traffic... http example

try clicking on a specific packet, the bottom window you will see IP address and other specific information that you can filter through,in this window it's like a drop down menu continue to drop down until you find a specific string that you would like to filter. right click on the IP address and apply as filter, you can also right click the port number and click OR AND NOT SELECT

using this right click method you can learn the filtering language. you could copy this string and paste into the command line with other applications

Link to comment
Share on other sites

It's getting it up and running that's the problem. I see no sources to pull data from in my list.

It tells me that there are no interfaces on which a capture can be done.

Edited by TN.Frank
Link to comment
Share on other sites

Ok, so help me figure this one out. If I open WireShark from the icon in my menu list I can't capture any packets but if I open it from Terminal with "sudo wireshark" then I can capture packets but I get some warnings about how it's not good to run WireShark as root, yada, yada, yada. Anyway, can someone give me a reader's digest version of how I can set up WireShark so I can open it with the icon and have privileges to capture packets without having to run as root? I read the web page on this but it's just all so much gibberish to me, need it in simple terms please.

Setting network privileges for dumpcap

1. Ensure your linux kernel and filesystem supports File Capabilities and also you have installed necessary tools.

2. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/dumpcap"

3. Start Wireshark as non-root and ensure you see the list of interfaces and can do live capture.

Ok, so can someone translate this for me? Yes, my Manjaro Xfce install has the capabilities but what other tools do I need?

what do I do with #2 on the list? Just type it into Terminal or something?

Edited by TN.Frank
Link to comment
Share on other sites

Ok so I'm able to capture my own traffic and I've figured out how to set wlan0 in Wireshark to monitor mode so that should be capturing other people local traffic from their wifi. Now I just need to know what to do with all this data,LOL. This IS something that I'm going to learn and figure out one way or the other because I think it would be a useful tool to have in my toolbox.

Link to comment
Share on other sites

Alright, I went into promiscuous mode and monitor mode and captured some packets. When I looked at my wifi connection drop down it had my wifi card listed but said "device not ready" but I did get some packets so where did they come from?

Link to comment
Share on other sites

Thanks for the link. I'm thinking that I need to go into Terminal and set my wifi card to monitor mode, i.e. mon0 in order for Wireshark to be able to use monitor mode, that's why it was saying "device not ready". Anyway, I'll read the link in a bit, thanks again.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...