Saturday, 16 April 2016

Wireshark

Wireshark is a free and open-source packet analyzer used for network troubleshooting, analysis, software and communications protocol development, and education. It lets you see what happens to the packets you send to and receive from a target host.

To open Wireshark, start your Kali Linux and go to Applications > 09 - Sniffing and Spoofing > Wireshark.


When you open Wireshark, it will look like this.

Wireshark

It will show an error message, but just click OK to continue. The interface list shows eth0, any, Loopback: lo, bluetooth0, nflog, nfqueue, usbmon1 and usbmon2. To see the packet details, double-click on eth0 (because my connection is on eth0) and it will show like this.


For it to capture anything, you must generate some network traffic, such as browsing or using the terminal. For my example, I use the terminal and ping detik.com.

ping detik.com

The result looks like this.

Result of ping detik.com in Wireshark

Now Wireshark fills with information about the packets you send to detik.com. If you want to stop the capture, press the stop button.

Button to stop capturing packets

Now it has finished capturing packets and you can see some information there. One example is the ICMP info that says "Echo (ping) request", which means we sent a packet to the host.

For another example, I use nmap with my own laptop as the target.


And the result in Wireshark looks like this.




You can see there are some red lines containing "[RST]", which means the connection was reset (we cancelled our communication). In the second picture there are lots of [RST, ACK] replies, which means the port is closed. For the example, I chose this one.


This one says 22 -> 54295 [RST, ACK], meaning the target sent an RST, ACK packet back to me because port 22 is closed. If you are not sure about that, look again at the list of my open ports below, from when I used nmap against my laptop.
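To make the Info column readable without Wireshark in front of you, here is an added example (my own code, not part of the original post or of Wireshark) that decodes raw IPv4, ICMP and TCP headers into the same "Echo (ping) request" and "22 -> 54295 [RST, ACK]" text the screenshots show, and then tallies the RST, ACK replies, which is what a defender looks for when a capture contains a port scan. All packets, ports and addresses below are constructed in the script; nothing is taken from a real capture.

```python
"""Decode IPv4/ICMP/TCP headers into the text Wireshark's Info column shows,
and tally RST/ACK replies, the "port closed" answers seen during a port scan.
Every packet here is constructed in-line; none comes from a real capture."""
import struct
import ipaddress
from collections import Counter

PROTO_ICMP, PROTO_TCP = 1, 6

# TCP flag bits in the order Wireshark prints them (lowest bit first)
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECN"), (0x80, "CWR")]
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

ICMP_TYPES = {8: "Echo (ping) request", 0: "Echo (ping) reply",
              3: "Destination unreachable", 11: "Time-to-live exceeded"}


def tcp_flag_label(flags):
    """'[SYN]', '[RST, ACK]', ... modelled on Wireshark's Info column."""
    return "[" + ", ".join(n for bit, n in TCP_FLAGS if flags & bit) + "]"


def parse_ipv4(packet):
    """Return (src, dst, protocol, payload) from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    return (str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)),
            proto, packet[ihl:])


def parse_tcp(segment):
    """Return (sport, dport, flags) from a raw TCP segment."""
    if len(segment) < 14:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return sport, dport, off_flags & 0xFF   # low byte holds the 8 flag bits


def describe(packet):
    """One line per packet, modelled on Wireshark's Protocol + Info columns."""
    src, dst, proto, payload = parse_ipv4(packet)
    if proto == PROTO_ICMP:
        icmp_type, code = struct.unpack("!BB", payload[:2])
        info = ICMP_TYPES.get(icmp_type, f"type {icmp_type} code {code}")
        return f"{src} -> {dst} ICMP {info}"
    if proto == PROTO_TCP:
        sport, dport, flags = parse_tcp(payload)
        return f"{src} -> {dst} TCP {sport} -> {dport} {tcp_flag_label(flags)}"
    return f"{src} -> {dst} protocol {proto}"


def interpret_probe_reply(flags):
    """What a single reply to a SYN probe tells you about the port."""
    if flags & RST:
        return "closed"               # RST or RST, ACK: nothing is listening
    if flags & SYN and flags & ACK:
        return "open"                 # second step of the three-way handshake
    return "unknown"


def closed_port_replies(packets):
    """Count RST/ACK replies per (replying host, receiving host).

    Many such replies from one host to one peer in a short time are the
    capture-side signature of the scan shown in the screenshots."""
    counts = Counter()
    for pkt in packets:
        src, dst, proto, payload = parse_ipv4(pkt)
        if proto == PROTO_TCP and interpret_probe_reply(parse_tcp(payload)[2]) == "closed":
            counts[(src, dst)] += 1
    return counts


# --- constructed sample packets (private and documentation address ranges) ---
def ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)   # checksum left at 0
    return hdr + payload


def tcp(sport, dport, flags):
    # data offset 5 (20-byte header, no options), window 1024, checksum/urgent 0
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)


def icmp(icmp_type):
    return struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)   # type, code, csum, id, seq


SAMPLE = [
    ipv4("192.168.1.10", "203.0.113.5", PROTO_ICMP, icmp(8)),             # ping request
    ipv4("203.0.113.5", "192.168.1.10", PROTO_ICMP, icmp(0)),             # ping reply
    ipv4("192.168.1.10", "192.168.1.20", PROTO_TCP, tcp(54295, 22, SYN)),        # probe
    ipv4("192.168.1.20", "192.168.1.10", PROTO_TCP, tcp(22, 54295, RST | ACK)),  # closed
    ipv4("192.168.1.10", "192.168.1.20", PROTO_TCP, tcp(54296, 80, SYN)),        # probe
    ipv4("192.168.1.20", "192.168.1.10", PROTO_TCP, tcp(80, 54296, SYN | ACK)),  # open
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(describe(p))
    print(closed_port_replies(SAMPLE))
```

Running the script prints one line per constructed packet and then a count of one RST, ACK reply from 192.168.1.20 to 192.168.1.10. In Wireshark itself the same packets can be isolated with the display filter tcp.flags.reset == 1 (and the ping with icmp.type == 8), which is the quickest way to check whether a capture contains the burst of closed-port answers a scan produces.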

Here is a video to learn more about Wireshark (Windows version):


