Wireshark

Anyone know of a good place to learn how to use Wireshark? I've been using the wiki for it to learn some of the ins and outs, but I'm curious if there are any good guides for it. It works just fine so far. I'm trying to wade into the water as opposed to jumping straight in.

Wireshark is a tool which helps you to understand what's going on. There is no definite way of using it, but the process is always the same: choose a capture device, look at the data, filter it, look at the data and filter it again, ...

Two days ago, a friend gave me two gamepads (one USB interface) and while mapping the keys in Trine I noticed that the left stick and the left cross, or however you call it, basically are the same, which seemed odd, so I wanted to know if it's the driver or the device itself. I fired up Wireshark and captured the USB device, where I could see requests and responses for both gamepads. I filtered out all data from one controller and all requests (just hover over the data that differs and you'll get all the information you need to set up a filter, or right click and there is an entry like "create filter from this"). The data left over was interesting, because it contained a bitmask of keys being pressed where I could see that the device doesn't distinguish between the stick and the cross.

I believe BackTrack 5 has this installed on it, if it's the same tool I'm thinking of, network packets and stuff.

You can also learn to use other tools within BackTrack 5, although at your own risk; you don't wanna hack someone's network when messing about.

Try SecurityTube for learning, http://www.securitytube.net/?q=Wireshark . I learned a few hacks off here, inc. Hydra and also the Chrome dump password find.

There will be plenty of tools out there if you ask Google correctly, just don't use them for evil!!!

Lol, honestly I just want to see what's happening on my network XD I'm not interested in evil doings :P So far I've been reading this and it's informative, but there's a lot to it. I haven't had time to sit down and read about filtering too much yet, but thus far it's been interesting popping Wireshark up while I do a bit of work and taking a look at the packets when I'm done. Just curious. I honestly don't know what I'd even do with this tool other than looking to see what packets are flying to and from my network (or, as wickedwig said, you can use this for some other things too... I'll have to keep that in mind.)

You open it... pick an interface to sniff... it dumps all the packets.

Normally, it will only get packets destined for your computer. If you are using a hub, you can put your network interface in promiscuous mode (airmon-ng start wlan0) then use mon0 for your interface. If you are on a managed switch or router, you will need to ARP poison...

Wireshark dumps way too much info to read, so you need a filter. If you're interested in how packets work, look up the TCP header... much simpler. The only time you would want to use Wireshark is to troubleshoot faulty network stuff, or for debugging (example: I was writing an IRC client, and used Wireshark to see the packets it was sending).
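To make the "look up the TCP header, then filter" advice above concrete, here is an added example (not code from anyone in this thread) that decodes the Ethernet/IPv4/TCP headers of a few constructed frames the way Wireshark's dissector does, and then applies a small predicate equivalent to the display filter `ip.addr == A && tcp.port == P`. The frames, addresses and the IRC-style payloads are constructed for the example; checksums are left zero.

```python
"""Added example: minimal Ethernet/IPv4/TCP dissection plus a display-filter-style match."""
import struct


def build_packet(src, dst, sport, dport, payload, flags=0x18):
    """Construct a frame (constructed sample data; checksums left at zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"      # dst MAC, src MAC, EtherType IPv4
    return eth + ip + tcp


def parse_packet(raw: bytes) -> dict:
    """Return the header fields Wireshark would show for an Ethernet/IPv4/TCP frame."""
    if struct.unpack("!H", raw[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4                            # IP header length in bytes
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4                    # TCP header length in bytes
    flags = off_flags & 0x1FF
    return {
        "ip.src": ".".join(str(b) for b in ip[12:16]),
        "ip.dst": ".".join(str(b) for b in ip[16:20]),
        "tcp.srcport": sport, "tcp.dstport": dport, "tcp.seq": seq, "tcp.ack": ack,
        "tcp.flags.syn": bool(flags & 0x02), "tcp.flags.ack": bool(flags & 0x10),
        "tcp.payload": tcp[data_off:],
    }


def matches(fields, ip_addr=None, tcp_port=None) -> bool:
    """Mimic `ip.addr == A && tcp.port == P`: either direction, like Wireshark."""
    if ip_addr and ip_addr not in (fields["ip.src"], fields["ip.dst"]):
        return False
    if tcp_port and tcp_port not in (fields["tcp.srcport"], fields["tcp.dstport"]):
        return False
    return True


def apply_filter(frames, **terms):
    """Dissect every frame and keep the ones the filter terms accept."""
    return [f for f in map(parse_packet, frames) if matches(f, **terms)]


CAPTURE = [  # constructed frames standing in for a real capture
    build_packet("192.168.1.10", "10.0.0.5", 51000, 6667, b"NICK test\r\n"),
    build_packet("10.0.0.5", "192.168.1.10", 6667, 51000, b":irc PING :x\r\n"),
    build_packet("192.168.1.10", "203.0.113.7", 51001, 80, b"GET / HTTP/1.0\r\n\r\n"),
]
```

Running `apply_filter(CAPTURE, tcp_port=6667)` keeps only the two IRC frames, the same subset the display filter `tcp.port == 6667` would show in Wireshark.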