Maker Pro

Reading Wireshark packet

Martaine2005

Joined: May 12, 2015
Messages: 4,932
Perhaps you can read for yourself. They have a good site.
This kind of software requires others that all interface together. Dumpcap being just one.

But as these tools are primarily used for hacking, this is the wrong forum to ask.

Martin
 

Gryd3

Joined: Jun 25, 2014
Messages: 4,098
Hello Everyone,

I wanted to know if anyone can help me to know how to read a Wireshark packet?

Thanks in advance.
Perhaps you can read for yourself. They have a good site.
This kind of software requires others that all interface together. Dumpcap being just one.

But as these tools are primarily used for hacking, this is the wrong forum to ask.

Martin

Wireshark is no more a hacking tool than an oscilloscope is, and can be an incredibly useful tool when developing headless network-capable devices.
As far as reading a 'Wireshark packet' is concerned, the question alone shows that you haven't even tried yet.
When you run Wireshark, you are presented with a graphical interface that you use to select the interface you want to do the 'packet capture' on. Most computers have only one, but you can always stop and restart with another if you don't get the answers you are looking for.
Once you start the 'capture' you will notice the window will begin to fill with captured packets, many of which will be color coded. You can sort and filter this list by IP address and/or port to narrow down the specific stream you are looking for.
Simply click on one of the lines and Wireshark will show you the raw packet as well as a more 'English' representation of what the packet represents, such as priority, packet #, payload, etc.
'Reading' the exact contents of the packet requires knowledge of the protocol being used. If you made an internet-connected device, you should have some understanding of this. Otherwise, it's time to visit Google to find out how a certain type of packet is constructed.

*Special note.
Wireshark will only work on traffic that hits the interface. Routers and most switches will NOT allow/send a packet meant for someone else to your interface... so if you are trying to determine that your Raspberry Pi buried in the closet is properly sending packets out to the internet, you will need to do some magic to put your computer in between the Raspberry Pi and the internet, otherwise you will not see any of its communications.
This can be done with a second network interface. Bridge the two interfaces. The Pi goes into one interface, and the other interface goes to the router. You can now ensure the Pi is behaving as expected.

**Other note.
Wireshark can also be used for security... capture packets on your computer and you can see if any machines on your network are sending things to your computer that maybe are not supposed to... anyway, lots of uses: legitimate or not.

Any tool can be used as a weapon
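The reply above says that reading a raw packet means knowing the protocol layout. As an added example (not part of the original thread and not Wireshark's code), this Python sketch decodes raw frame bytes into named Ethernet, IPv4 and TCP/UDP fields and applies an IP/port filter. The sample frame, its addresses and the function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample frame (not a real capture): Ethernet II / IPv4 / TCP with
# an HTTP request as payload. Checksum fields are zeroed and never verified.
SAMPLE = bytes.fromhex(
    "001122334455" "b827eb000001" "0800"                    # dst MAC, src MAC, EtherType
    "4500003a12344000" "40060000" "c0a80132" "c000020a"     # IPv4 header
    "c0000050" "00000001" "00000001" "5018ffff" "00000000"  # TCP header
) + b"GET / HTTP/1.0\r\n\r\n"
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")      # bit 0 upwards

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(raw):
    """Decode raw bytes into named fields, layer by layer."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    pkt = {"eth_dst": mac(dst), "eth_src": mac(src), "ethertype": ethertype}
    ip = raw[14:]
    if ethertype != 0x0800 or len(ip) < 20:   # only IPv4 is decoded further
        return pkt
    ihl = (ip[0] & 0x0F) * 4                  # header length is in 32-bit words
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("malformed IPv4 header")
    pkt.update(ttl=ip[8], proto=ip[9], ip_src=socket.inet_ntoa(ip[12:16]),
               ip_dst=socket.inet_ntoa(ip[16:20]))
    seg = ip[ihl:total_len]                   # total_len drops Ethernet padding
    if pkt["proto"] == 6 and len(seg) >= 20:  # TCP
        sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", seg[:14])
        hdr = max((off >> 4) * 4, 20)         # data offset in 32-bit words, min 20
        pkt.update(sport=sport, dport=dport, seq=seq, payload=seg[hdr:],
                   flags=[n for i, n in enumerate(TCP_FLAGS) if flags & (1 << i)])
    elif pkt["proto"] == 17 and len(seg) >= 8:  # UDP has a fixed 8-byte header
        sport, dport = struct.unpack("!HH", seg[:4])
        pkt.update(sport=sport, dport=dport, payload=seg[8:])
    return pkt

def matches(pkt, ip=None, port=None):
    """Rough equivalent of filtering the packet list by IP address and/or port."""
    ok_ip = ip is None or ip in (pkt.get("ip_src"), pkt.get("ip_dst"))
    ok_port = port is None or port in (pkt.get("sport"), pkt.get("dport"))
    return ok_ip and ok_port

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
```
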
 