Wireshark is a network protocol analyzer: an application that captures packets from a network connection, such as the one between your computer and your home office or the internet. A packet is a discrete unit of data in a typical Ethernet network. This article covers installing Wireshark and how to use it.
Wireshark is the most commonly used packet sniffer in the world. Like any other packet sniffer, Wireshark does three things:
Packet Capture: Wireshark listens to a network connection in real-time and then grabs entire streams of traffic – quite possibly tens of thousands of packets at a time.
Packet Filtering: Wireshark is capable of slicing and dicing all of this random live data using filters. By applying a filter, you can obtain just the information you need to see.
Packet Visualization: Wireshark, like any good packet sniffer, allows you to dive right into the very middle of a network packet. It also allows you to visualize entire conversations and network streams.
Wireshark Installation on Linux
sudo apt install wireshark
sudo dpkg-reconfigure wireshark-common
sudo usermod -a -G wireshark $USER
newgrp wireshark
Once you have completed the above steps, log out and log back in, and then start Wireshark:
How Wireshark Is Used
Once you have installed Wireshark, you can start capturing packets. Before that, though, you need sufficient permissions on your system to put Wireshark into promiscuous mode. On a Linux system, that means root permissions, or membership in the wireshark group set up during installation above.
With the right permissions in place, you can start capturing packets. Perhaps the best way is to select Capture >> Options from the main window. This will bring up the Capture Interfaces window, as shown below:
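A check of the permission setup described above, as an added example that is not part of the original article: it reports whether the current session can capture without running Wireshark as root. It assumes the Debian/Ubuntu packaging, where dpkg-reconfigure wireshark-common assigns dumpcap to the wireshark group and gives it the cap_net_raw and cap_net_admin file capabilities; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the article). Assumes Debian/Ubuntu packaging:
# dumpcap belongs to group "wireshark" and carries cap_net_raw + cap_net_admin.

# in_group "<space-separated groups>" <group>: whole-word match only
in_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# caps_ok "<getcap output line>": both capture capabilities must be listed
caps_ok() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) return 0 ;; *) return 1 ;; esac
}

# capture_status <uid> "<groups>" "<getcap line>": prints one verdict word
capture_status() {
    if [ "$1" -eq 0 ]; then
        echo root        # capture works, but the whole GUI runs as root
    elif ! in_group "$2" wireshark; then
        echo no-group    # usermod not applied, or the session predates it
    elif ! caps_ok "$3"; then
        echo no-caps     # non-root capture not enabled, or getcap not on PATH
    else
        echo ok          # least-privilege capture through dumpcap
    fi
}

# Live check against the current session; never fails if tools are missing
check_capture_setup() {
    dumpcap_path=$(command -v dumpcap 2>/dev/null) || dumpcap_path=""
    caps=""
    if [ -n "$dumpcap_path" ] && command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$dumpcap_path" 2>/dev/null) || caps=""
    fi
    capture_status "$(id -u)" "$(id -nG)" "$caps"
}

echo "capture setup: $(check_capture_setup)"
```

A result of no-group right after running usermod usually means the session has not been restarted yet, which is why the installation steps ask you to log out and log back in.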
The above window will show all the available interfaces. Wireshark provides a lot to choose from.
Once the network interface is selected, you simply click the Start button to begin your capture. As the capture begins, it’s possible to view the packets that appear on the screen, as shown below:
Once you have captured all the packets that you want, simply click the red, square button at the top. Now you have a static packet capture to investigate.
For More Information: https://www.wireshark.org/#learnWS