# Wireshark Capturing & Filtering Data Packets

###### tags: `ntop` `nProbe Cento` `OS` `Linux` `nDPI`

Environment: SCB 1921, Linux 20.04 & Windows 10

### Features

Wireshark contains several useful features, the foremost of which are listed below:

1. Inspects thousands of protocols
2. New protocols are added with every update
3. Live capture of traffic with offline analysis
4. Three-way handshake analysis
5. Maximum portability: runs on Solaris, Linux, Windows, Mac OS X, FreeBSD, and more
6. Analysis of VoIP protocols
7. Reads data from many link types, e.g. Wi-Fi, Ethernet, HDLC, ATM, USB, Bluetooth, Frame Relay, Token Ring, and more
8. Results can be saved as CSV, XML, PostScript, and plain text documents
9. Reads and writes a wide variety of capture file formats

### Installation of Wireshark on Ubuntu Linux

```bash
sudo apt update
sudo apt upgrade
sudo apt install wireshark
```

#### Enable Root Privileges

When Wireshark installs on your system, you will be prompted by the following window. Because Wireshark requires superuser/root privileges to capture, this option asks whether to enable or disable capture permissions for every user on the system. Press the “Yes” button to allow other users, or press the “No” button to restrict other users from using Wireshark.

![](https://i.imgur.com/5dkB33J.png)

```bash
sudo usermod -aG wireshark <username>
wireshark
```

The new group membership takes effect at your next login.

#### The highlighted interface is active and receiving packets.

![](https://i.imgur.com/BtFoo3Y.jpg)

#### Double-click the interface on which you want to capture packets; Wireshark starts capturing as soon as you do.

![](https://i.imgur.com/rFbVzx2.jpg)

### Menu Button

![](https://i.imgur.com/hVDok32.png)

### Add a filter if you want to filter the packets later

![](https://i.imgur.com/vxcPloO.png)

#### If you want to enable or disable protocols
![](https://i.imgur.com/gGGrmZB.png)

![](https://i.imgur.com/rHqx7Jv.png)

#### Filter the protocols (apply display filters to show only specific protocols)

![](https://i.imgur.com/AsySIDg.png)

#### Filter Operators

https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html

![](https://i.imgur.com/OrSIIjb.png)

#### Example: to show only traffic from a specific host or ARP packets, use `ip.src == 192.168.110.41 or arp`. Add more parameters as your requirements dictate.

![](https://i.imgur.com/XZSQPqh.jpg)

#### Now mark all the displayed packets

![](https://i.imgur.com/ak5TwOq.png)

### Save a pcap file

#### Export the selected packets

![](https://i.imgur.com/vZdr16z.png)

#### Enter the filename and select the file format, e.g. pcap

![](https://i.imgur.com/fSU2SF1.png)

Reference: https://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/
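As an added example (not part of the original note or of Wireshark itself), the display filter `ip.src == 192.168.110.41 or arp` and the "export the selected packets" step reproduced in Python over a constructed capture: it parses the classic pcap record format, keeps only frames that are ARP or carry that IPv4 source address, and writes the survivors as a new pcap. MAC addresses, frame contents and timestamps are constructed sample data.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample MAC addresses (not from any real capture).
MAC_A, MAC_B, BCAST = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"\xff" * 6
PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1
def eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload
def arp_request(sender_ip, target_ip):
    # hw type 1 (Ethernet), proto 0x0800, hlen 6, plen 4, opcode 1 (request)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + MAC_A + IPv4Address(sender_ip).packed
    return eth(BCAST, MAC_A, 0x0806, body + b"\x00" * 6 + IPv4Address(target_ip).packed)
def ipv4_packet(src_ip, dst_ip):
    # Minimal 20-byte IPv4 header (proto 17 = UDP, no payload, checksum left 0).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                      IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth(MAC_B, MAC_A, 0x0800, hdr)

def write_pcap(frames):
    # Classic pcap: 24-byte global header, then per packet a 16-byte record header + frame.
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    off, frames = 24, []
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        frames.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return frames

def matches(frame, src_ip="192.168.110.41"):
    # Same decision as the display filter  ip.src == src_ip or arp  on one Ethernet frame.
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:                       # arp
        return True
    if ethertype == 0x0800 and len(frame) >= 34:  # ip.src at Ethernet(14) + IPv4 offset 12
        return frame[26:30] == IPv4Address(src_ip).packed
    return False

def export_filtered(pcap_bytes, pred=matches):
    # Wireshark's "Export Specified Packets -> Displayed" done by hand: keep only matching records.
    return write_pcap([f for f in read_pcap(pcap_bytes) if pred(f)])

# Constructed capture: an ARP request, an IPv4 frame from the host of interest, an unrelated frame.
SAMPLE = write_pcap([arp_request("192.168.110.1", "192.168.110.41"),
                     ipv4_packet("192.168.110.41", "8.8.8.8"),
                     ipv4_packet("10.0.0.5", "192.168.110.41")])
```

Writing `export_filtered(SAMPLE)` to a file produces a pcap that Wireshark opens as two packets, exactly what the GUI export of the filtered view yields.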