Wireshark, formerly known as ethereal, is an amazing network monitoring tool. It helps you to capture the data packets being sent/received by your network interface and analyze it.
Warning:Before using Wireshark in promiscuous mode
Make sure that you have the required permissions to do so. promiscuous
Mode, in a way, is packet sniffing and might be able to get rid of
Job you currently have. (In simpler words, if you do not own the network
Or if you are not the network administrator then it can get you fired !)
Now, I am going to demonstrate this using my fedora 13 box as a client
(Kept in New Delhi, India) and will connect to an Ubuntu 10.04 Machine
(Kept in Florida, USA) Using SSH. Let us check it out step by step.
- Install the wireshark using your package manager. You need to install Wireshark as well as wireshark-gnome to get the GUI.Yum install Wireshark wireshark-gnome
- Launch the wireshark. Do not start the analysis yet. We will first switch off the promiscuous mode.
- Go to "capture" and select "options" and uncheck the "Capture packets in promiscuous mode" check box.
- Select the interface you want to listen to. I will listen to eth0,
Which is usually the default for your first network interface. Also
Specify a capture filter. Check out this list for complete filters and their formats. I will write "host <Ubuntu-maachine-IP-addess> ".
- You are all set but again before clicking start double check that promiscuous mode is turned off. Click Start.
- Connect to the Ubuntu server using the fedora box and the captured packets will be shown.
Filters are necessary if you want the capture to make some
Sense. Try it without any filter for once and you will be amazed
Seeing the number of packets which pass through your network interface
Card.
While I have warned you about the promiscuous mode, I encourage you
Use it on virtual machine but for learning purpose only (or if you
Happen to have a small switch or something then create a network
Yourself ).
