How to Perform Sniffing in Wireshark?

In this section, we will see a detailed step-by-step process to perform Sniffing in Wireshark Tool.

Step 1: Open Wireshark Window

Open your Wireshark tool in a new window or a Linux virtual machine. and begin network capture. Assume we are capturing wireless fidelity (Wi-Fi Traffic).

Opening Wireshark Tool

Step 2: Start the Wireless Fidelity

Open Wireshark, select your Wi-Fi interface and start capturing packets. Engage in network activities, stop the capture, and analyze the captured packets for network insights.

Starting Wireless Fidelity

Step 3: Filter the HTTP Packets

Wireshark has recorded some packets, but we’re looking for HTTP packets in particular. So we use some command in the display filter bar to find all of the captured HTTP packets—the green bar in the image below shows where we applied the filter.

http

Filtering HTTP Packets

Step 4: Filter other Vulnerable Packets

Apply Wireshark filters to focus on specific vulnerable packets: filter by Telnet, TCP, UDP, HTTP, SMTP, NNTP, POP, or FTP protocols to identify and analyze potential security issues in the captured network traffic.

tcp.port == 80 || udp.port == 80

Filtering TCP and UDP Packets

In the below output screenshot, you can see that we have filtered FTP packets.

ftp

Filtering FTP Packets

wireshark sniffing and spoofing

Wireshark is an open-source packet analyzer that enables real-time data inspection. It enables network sniffing, which analyzes traffic for device communication insights. The ethical and legal implications of network sniffing are discussed, emphasizing responsible usage. Spoofing, a manipulation of network data, can compromise network security through techniques like ARP, DNS, and IP spoofing.