Start playing with Wireshark

I want to start playing around with Wireshark; I find it a very interesting program. Does anyone have any good book or link to share with me about Wireshark xD and any good book about Network Analysis? xD

Anything in particular that you are trying to do? Wireshark is a very powerful tool. We use it at work frequently to debug Wi-Fi performance issues. One thing that will be really handy once you get going with it will be using filters to filter out the data that you aren't interested in and to apply color codes to the types of data that you are interested in. There are some real Wireshark gurus where I work, but unfortunately I am not one of them.

Just curious - what type of capture device (i.e. sniffer) are you using? The AirPcap sniffers are handy, but they can be a bit finicky and they aren't cheap either.

I don't know much about Wireshark; I started playing with it 2 days ago. I don't have any use in mind right now, I just want to learn as much as I can.

This is an extremely basic tutorial, but it will get you started on the basic UI elements and basic filtering.
https://www.concise-courses.com/security/wireshark-basics/

There's also useful information on YouTube (besides cute cat videos and Tek Syndicate):
Windows video:

Quick basic Linux video:

There's also a book that is linked directly off the Wireshark Foundation website that I'm sure is very detailed:
http://www.wiresharkbook.com/

For wireless sniffing, I use the AirPcap NX USB adapters:

They are pretty cool, but they have some issues when connected to USB 3.0 ports and can be quite expensive.

Understanding how a network operates is a better first step.

If you have a better grip on how a network operates, wireshark starts to make more sense.

What kind of computer networking experience do you have?


Very true. Sniffer captures will likely look like gibberish unless you have some background in network flow and wireless communication. You'll need to know what things like beacon frames, probe requests/responses, malformed packets, and beacon intervals are. If you're concerned with wireless analysis, having a good grasp on how an access point operates, the types of wireless communication protocols, and how wireless communication works in general will be very helpful.

Wireless network analysis can also be very troublesome when performed over-the-air in traditional home environments if you have a lot of congestion on the frequency that you are sniffing on. If you are concerned with how your wireless device(s) are operating on your wireless network, you'll need to make sure to filter your data based on the MAC addresses of your hardware to weed out all the noise from nearby devices. You can use a free tool like inSSIDer (older versions are free - the newer ones might not be) to quickly take a look at the wireless spectrum where you are located to determine what the "cleanest" frequency is.
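To make the two points above concrete (what a beacon frame and a probe request actually look like, and why filtering on your own MAC addresses is what cuts through the noise), here is an added example that is not part of the thread or of Wireshark itself. It builds a small, constructed pcap of 802.11 management frames (link type 105, no radiotap header), then parses it the way a dissector does: frame control, the three addresses, the beacon's fixed fields (timestamp, beacon interval in 1024-microsecond time units, capabilities) and the SSID information element. The MAC addresses and SSIDs are made up for the example; the `filter_by_mac` function does in Python what the Wireshark display filter `wlan.addr == xx:xx:xx:xx:xx:xx` does in the GUI.

```python
import struct

# Link type 105 = IEEE 802.11 frames with no radiotap header (keeps the sample simple).
LINKTYPE_IEEE802_11 = 105
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def mgmt_header(subtype: int, addr1: str, addr2: str, addr3: str, seq: int = 0) -> bytes:
    # Frame Control: version (bits 0-1) = 0, type (bits 2-3) = 0 (management), subtype in bits 4-7.
    fc = (0 << 2) | (subtype << 4)
    return (struct.pack("<HH", fc, 0) + mac_bytes(addr1) + mac_bytes(addr2)
            + mac_bytes(addr3) + struct.pack("<H", seq << 4))

def ssid_ie(ssid: str) -> bytes:
    # Information element: tag 0 (SSID), length, value.
    body = ssid.encode()
    return bytes([0, len(body)]) + body

def build_beacon(bssid: str, ssid: str, interval_tu: int, timestamp: int = 0) -> bytes:
    # Beacon (subtype 8): addr1 = broadcast, addr2 = transmitter, addr3 = BSSID.
    # Fixed fields: timestamp (8), beacon interval in TU (2), capability info (2), then IEs.
    fixed = struct.pack("<QHH", timestamp, interval_tu, 0x0411)
    return mgmt_header(8, BROADCAST, bssid, bssid) + fixed + ssid_ie(ssid)

def build_probe_req(src: str, ssid: str) -> bytes:
    # Probe request (subtype 4): no fixed fields; an empty SSID IE is a wildcard probe.
    return mgmt_header(4, BROADCAST, src, BROADCAST) + ssid_ie(ssid)

def build_pcap(frames) -> bytes:
    # Classic pcap: global header (magic, 2.4, thiszone, sigfigs, snaplen, linktype), then records.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out

def parse_ssid(ies: bytes):
    # Walk tag/length/value IEs and return the SSID (tag 0) if present.
    off = 0
    while off + 2 <= len(ies):
        tag, ln = ies[off], ies[off + 1]
        if tag == 0:
            return ies[off + 2:off + 2 + ln].decode(errors="replace")
        off += 2 + ln
    return None

def parse_frame(raw: bytes) -> dict:
    fc, = struct.unpack("<H", raw[:2])
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    info = {"type": ftype, "subtype": subtype, "addr1": mac_str(raw[4:10]),
            "addr2": mac_str(raw[10:16]), "addr3": mac_str(raw[16:22]), "kind": "other"}
    body = raw[24:]
    if ftype == 0 and subtype == 8:
        ts, interval, _cap = struct.unpack("<QHH", body[:12])
        # One TU is 1024 us, so interval 100 means a beacon roughly every 102.4 ms.
        info.update(kind="beacon", beacon_interval_tu=interval, ssid=parse_ssid(body[12:]))
    elif ftype == 0 and subtype == 4:
        info.update(kind="probe_req", ssid=parse_ssid(body))
    return info

def parse_pcap(data: bytes) -> list:
    magic, _vmaj, _vmin, _zone, _sig, _snap, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_IEEE802_11:
        raise ValueError("expected a little-endian pcap with 802.11 link type")
    frames, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        frames.append(parse_frame(data[off:off + incl]))
        off += incl
    return frames

def filter_by_mac(frames, macs) -> list:
    # Equivalent of the Wireshark display filter "wlan.addr == <mac>" for each of your devices.
    wanted = {m.lower() for m in macs}
    return [f for f in frames if f["addr2"] in wanted or f["addr3"] in wanted]

# Constructed sample capture: my AP, a neighbour's AP, my laptop, and an unknown device (all made up).
MY_AP, NEIGHBOUR_AP = "02:00:00:00:00:01", "02:00:00:00:00:02"
MY_LAPTOP, STRANGER = "02:00:00:00:00:10", "02:00:00:00:00:20"

def sample_capture() -> bytes:
    return build_pcap([
        build_beacon(MY_AP, "home-net", 100),
        build_beacon(NEIGHBOUR_AP, "neighbour-net", 102),
        build_probe_req(MY_LAPTOP, "home-net"),
        build_probe_req(STRANGER, ""),
    ])

def demo():
    frames = parse_pcap(sample_capture())
    mine = filter_by_mac(frames, [MY_AP, MY_LAPTOP])
    return frames, mine

if __name__ == "__main__":
    all_frames, my_frames = demo()
    for f in my_frames:
        print(f["kind"], f["addr2"], f.get("ssid"), f.get("beacon_interval_tu"))
```

Running it prints only the beacon from your own AP and the probe request from your own laptop; the neighbour's beacon and the stranger's wildcard probe are dropped, which is exactly the noise the post above is talking about. If you write `sample_capture()` to a file, Wireshark opens it and shows the same fields under "IEEE 802.11 Beacon frame" and "IEEE 802.11 Probe Request", so you can compare the parser's output with the dissector's.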

Nada, but I am a fast learner.

Ninja edit: I know the basics...

Wireshark is an interesting piece of software.

If the internet is the "Information Super Highway", then a big business's network is the "Information City Road System", and a home network is the "Information Suburbia".

To keep with this transportation analogy, we have to borrow the mindset of the NSA. Imagine if you wanted to record and review the contents of every single car on the road, with full access to where it came from, where it's going, and what kind of cargo it's carrying, from groceries to the kids' hockey equipment. You could even make a note if they have blacked-out tinted windows (encryption), in which case you will still know how big it is and where it's going.

Now, like the NSA, you would need to be able to witness the vehicles passing first-hand. If you have the device watching traffic sitting at the end of a dark alley, you will only see the cars that come and go in the alley. If you put it in the middle of a busy street, you will see many more cars.

A computer running Wireshark is one such device. If you are in your home and have it actively listen, you will likely only see traffic coming from your machine. If you put it on your pfSense router, you can see all the traffic passing into and out of your network.

I found knowing what I want to look for/at was most useful when starting to use Wireshark.

Wireless packet sniffing is an entirely different machine.

Yeah, if you want to do wireless packet sniffing, maybe Kali Linux on a live CD or in a VM would be better as a newbie.

Another nifty thing to fiddle-faddle with is nmap; there's a package for that on pfSense now too, so that's kind of cool.


Nmap is nifty. I would suggest against putting it on your internet facing interface.

When I have the time I'll build a pfSense machine, but yeah, I've played with Wireshark for 1.5-2 days and I find it a very interesting program.

There are other ways of getting all the info, but it requires a managed switch.

Just curious, won't a hub also work? I know it's not a good way to do it but don't hubs send all traffic to all ports?

Sorry if this is a dumb question :P

While I don't have a book, if you're wanting to start down the network analysis path, I would recommend CBT Nuggets. The problem is that a lot of subjects need a touch of information from another subject area, so Wireshark needs network understanding to unleash its potential, and N+ or CCNA is required.
They do a short course on understanding Wireshark, and there is a 7-day free trial :)