Wireshark Enchantment Quest


Introduction

In this lab, you will learn how to install and set up Wireshark, which will enable you to perform network analysis and troubleshooting.



Installing Wireshark

In this step, we will go through the Wireshark installation process, so that we have the necessary tools to analyse network traffic.

First, open a terminal and update the package index so that the latest package versions are available:

sudo apt update

Next, we'll install Wireshark using the package manager:

sudo apt install wireshark

During the installation you will be asked whether non-superusers should be able to capture packets. Select Yes so that dumpcap, the helper that captures packets on behalf of non-root users, is set up for that. You can bring the prompt back later with:

sudo dpkg-reconfigure wireshark-common

Once the installation is complete, verify that Wireshark has been successfully installed by running the following command:

wireshark --version

This should display the version information for Wireshark.

Configuring Wireshark Capture Permissions

In this step, we will ensure that Wireshark has the necessary permissions to capture network traffic.

First, let's check if the wireshark group exists:

getent group wireshark

If the wireshark group does not exist, create the group with the command below:

sudo groupadd wireshark

By default, Wireshark runs with non-root privileges, which may limit its ability to capture packets from certain interfaces or protocols. The actual capturing is done by dumpcap, a helper installed along with Wireshark. To give it the necessary permissions, use the following commands:

sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 4755 /usr/bin/dumpcap
sudo gpasswd -a $USER wireshark

The first command changes the group ownership of the dumpcap binary to wireshark. The second sets its mode to 4755: the leading 4 is the setuid bit, so dumpcap runs with the privileges of its owner (root) whoever starts it, and 755 makes it executable by the owner, the group and everyone else. The last command adds the current user to the wireshark group, so that a non-root user can run dumpcap and capture packets through Wireshark without becoming root.

Two things are worth checking here. Group membership added with gpasswd only takes effect in new sessions, so log out and back in (or run newgrp wireshark) before testing. And because mode 4755 is world-executable, the wireshark group does not actually restrict who can run the setuid binary; to limit capture to group members, use a group-only mode such as 4750, or grant capture rights with file capabilities (setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap) instead of setuid root, which is the approach the Wireshark documentation recommends.

Now, Wireshark should have the necessary permissions to capture packets from various interfaces and protocols.
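As an added check that is not part of the lab, the script below (assumed to be saved as check_dumpcap.sh) inspects a capture helper such as /usr/bin/dumpcap, reports whether it relies on setuid or on file capabilities, flags the setuid-for-everyone state that mode 4755 produces, and tells you whether a user with a given group list can execute it. It assumes GNU stat and uses getcap only if it is installed.

```shell
#!/bin/sh
# Added check (not part of the lab): inspect a capture helper such as
# /usr/bin/dumpcap and report how capture rights are granted and whether a
# given user can run it. Requires GNU stat; getcap is used if present.
# capture_access BIN GROUPS
#   BIN    path of the binary to inspect
#   GROUPS space-separated group list of the user (e.g. "$(id -nG)")
# Prints one of:
#   setuid-everyone    setuid bit set and world-executable (what 4755 gives)
#   setuid-restricted  setuid bit set, not executable by "others"
#   caps               no setuid; file capabilities present (setcap)
#   plain              neither setuid nor capabilities
# Returns 0 if the user can execute the file, 1 if not, 2 if it is missing.
capture_access() {
    bin="$1"; groups="$2"
    [ -e "$bin" ] || { echo "missing"; return 2; }
    raw=$(stat -c '%a' "$bin")      # e.g. 4755 or 750
    mode=$(( 0$raw ))               # leading 0 makes the shell parse it as octal
    grp=$(stat -c '%G' "$bin")      # group that owns the file
    setuid=$(( mode & 04000 ))
    gexec=$(( mode & 00010 ))
    oexec=$(( mode & 00001 ))
    caps=""
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$bin" 2>/dev/null)
    fi
    if [ "$setuid" -ne 0 ] && [ "$oexec" -ne 0 ]; then
        echo setuid-everyone
    elif [ "$setuid" -ne 0 ]; then
        echo setuid-restricted
    elif [ -n "$caps" ]; then
        echo caps
    else
        echo plain
    fi
    # Execution rights: anyone if world-exec, else group-exec plus membership.
    if [ "$oexec" -ne 0 ]; then
        return 0
    fi
    if [ "$gexec" -ne 0 ] && echo " $groups " | grep -q " $grp "; then
        return 0
    fi
    return 1
}

# Run against a real binary when a path is given: sh check_dumpcap.sh /usr/bin/dumpcap
if [ "$#" -gt 0 ]; then
    capture_access "$1" "$(id -nG)"; echo "current user can run it: exit status $?"
fi
```

Run it once after the chgrp/chmod/gpasswd steps and again after a fresh login; the exit status changes only once the new group membership is active.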

Launching Wireshark

In this step, we will learn how to launch Wireshark. Make sure you are using the Desktop environment, so that you can see the Wireshark interface.

To launch Wireshark, open a terminal and enter the following command:

wireshark

This should display the Wireshark window.

Capturing Network Traffic

In this step, we will learn how to use Wireshark to capture network traffic and explore its user interface.

Once Wireshark is running, you should see a window where you need to select an interface to listen to. You can click on eth0 to proceed to the main interface, which consists of several panes, as shown in the figure below:

  1. Packet List Pane: This pane displays a list of captured packets, along with basic information such as time, source, destination, protocol, and packet length.
  2. Packet Details Pane: This pane provides detailed information about the selected packet, including protocol dissection and field values.
  3. Packet Bytes Pane: This pane displays the raw packet data in both hexadecimal and ASCII formats.

[Figure: Wireshark User Interface]

Take some time to explore the various menus and toolbar buttons to familiarize yourself with Wireshark's features.

Selecting a network interface starts a capture immediately, so as soon as the main interface appears you should see packets accumulating in the Packet List Pane. You can filter or search for specific packets using the display filter toolbar or by applying filters in the Packet List Pane.

To stop the capturing, click the "Stop" button in the toolbar or go to the "Capture" menu and select "Stop."

You can check other available interfaces by going to the "Capture" menu and selecting "Options." The "Capture Options" window will display a list of available interfaces. Select the appropriate interface for capturing traffic and click "Start" to begin capturing packets.


Summary

In this lab you have learned how to install and set up Wireshark, a powerful network analysis tool. You have also learned how to configure capture permissions and capture network traffic. With these essential skills, you will be able to perform network analysis and troubleshooting.
