USING WIRESHARK IN KALI LINUX (intermediate - advanced)
How to Use Wireshark in Kali Linux – A Practical Guide for Beginners
If you’ve ever wanted to see what’s really happening inside your network, Wireshark is your best friend. It’s like having X-ray vision for packets — you can literally watch data move across your Wi-Fi or Ethernet in real time.
In this post, I’ll walk you through using Wireshark on Kali Linux — from installation to packet analysis — in a way that actually makes sense.
⚙️ What Exactly Is Wireshark?
Wireshark is an open-source network protocol analyzer.
Think of it as a microscope for your network. Every time you visit a site, send a message, or make an online payment, Wireshark can capture those packets and show what’s inside them.
Security analysts use it to:
- Troubleshoot slow or suspicious networks
- Investigate hacking or malware activity
And in Kali Linux, Wireshark comes pre-installed, ready for action.
Step 1: Check If Wireshark Is Installed
Most Kali builds already have it. But just to be sure:
wireshark --version
If you see version info, you’re good.
If not, install it manually:
sudo apt update
sudo apt install wireshark -y
During setup, Kali will ask whether non-root users should be able to capture packets.
Choose Yes. This lets members of the wireshark group capture traffic without running Wireshark as root every time; your own user still has to be a member of that group, and you need to log out and back in once for the membership to take effect.
Step 2: Launch Wireshark
You can start it from:
wireshark &
or by searching Wireshark in the Kali application menu.
Once open, you’ll see a list of network interfaces — like eth0, wlan0, or lo.
Each one represents a different network card or connection.
Step 3: Select an Interface and Start Capturing
Select your interface, then click the blue shark fin icon in the top left to start capturing on it.
You’ll instantly see packets scrolling by — colorful lines of data representing:
- Protocol (HTTP, TCP, UDP, etc.)
- Info about each packet
Don’t panic if it looks chaotic — the magic is in the filters.
Step 4: Apply Display Filters (The Real Power)
Filters help you find what matters.
Common examples:
| Goal | Filter |
|---|---|
| Show only HTTP traffic | http |
| Show only TCP packets | tcp |
| Show traffic from one IP | ip.addr == 192.168.1.5 |
| Filter by port | tcp.port == 443 |
| Show only DNS requests | dns |
You can combine them too:
ip.src == 192.168.1.5 && tcp.port == 80
Press Enter, and the chaos turns into clarity.
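To make the matching rules concrete, here is an added Python example (not part of the original post and not Wireshark's own code) that evaluates the filters from the table above over a few constructed packets. The packets, addresses and ports are sample values made up for illustration; it supports bare protocol names, `field == value`, and `&&` / `||` chains, and shows why `ip.addr` and `tcp.port` match either direction.

```python
"""Evaluate a subset of Wireshark display-filter syntax over constructed packets."""
import re

# Constructed sample packets (not a real capture): each dict is one packet's fields.
PACKETS = [
    {"no": 1, "protocols": {"ip", "tcp", "http"}, "ip.src": "192.168.1.5",
     "ip.dst": "93.184.216.34", "tcp.srcport": 51234, "tcp.dstport": 80},
    {"no": 2, "protocols": {"ip", "tcp", "http"}, "ip.src": "93.184.216.34",
     "ip.dst": "192.168.1.5", "tcp.srcport": 80, "tcp.dstport": 51234},
    {"no": 3, "protocols": {"ip", "udp", "dns"}, "ip.src": "192.168.1.5",
     "ip.dst": "192.168.1.1", "udp.srcport": 40000, "udp.dstport": 53},
    {"no": 4, "protocols": {"ip", "tcp", "tls"}, "ip.src": "192.168.1.9",
     "ip.dst": "1.1.1.1", "tcp.srcport": 40001, "tcp.dstport": 443},
]

# Wireshark "either direction" fields, expanded to the concrete fields they cover.
EITHER = {"ip.addr": ("ip.src", "ip.dst"),
          "tcp.port": ("tcp.srcport", "tcp.dstport"),
          "udp.port": ("udp.srcport", "udp.dstport")}

def match_term(term, pkt):
    """Evaluate one term: a bare protocol name or `field == value`."""
    m = re.fullmatch(r"\s*([\w.]+)\s*==\s*(\S+)\s*", term)
    if not m:  # bare protocol name such as `http`: true if that layer is present
        return term.strip() in pkt["protocols"]
    field, value = m.groups()
    for f in EITHER.get(field, (field,)):
        if f in pkt and str(pkt[f]) == value:
            return True
    return False

def match_filter(expr, pkt):
    """Evaluate `&&`/`||` chains left to right. Simplification: real Wireshark
    gives && higher precedence than || and also supports parentheses."""
    tokens = re.split(r"\s*(&&|\|\|)\s*", expr.strip())
    result = match_term(tokens[0], pkt)
    for op, term in zip(tokens[1::2], tokens[2::2]):
        rhs = match_term(term, pkt)
        result = (result and rhs) if op == "&&" else (result or rhs)
    return result

def apply_filter(expr, packets=PACKETS):
    """Return the packet numbers that survive the display filter."""
    return [p["no"] for p in packets if match_filter(expr, p)]

if __name__ == "__main__":
    for f in ("http", "ip.addr == 192.168.1.5", "tcp.port == 443",
              "ip.src == 192.168.1.5 && tcp.port == 80"):
        print(f"{f:45} -> packets {apply_filter(f)}")
```

Note that `ip.addr == 192.168.1.5` keeps both directions of the web conversation and the DNS lookup, while `ip.src == 192.168.1.5 && tcp.port == 80` narrows it to the single outbound request.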
Step 5: Inspect Packets Deeply
Click any packet to expand it below.
You’ll see detailed layers:
- IP Header → Source & Destination IPs
- TCP/UDP Layer → Ports, flags
- Application Layer → Actual data (like HTTP requests)
You can even right-click → Follow → TCP Stream to see the full conversation between your computer and a website.
⚠️ Step 6: Capture Responsibly
Wireshark is a double-edged sword. You can use it for good (learning, debugging, security analysis) or cross a legal line.
Remember:
✅ Capture only your own network traffic, or traffic you have permission to analyze.
Unauthorized packet sniffing = illegal in most countries.
Step 7: Save and Analyze Later
You can save captures as .pcap files:
File → Save As → mycapture.pcap
Wireshark's default save format is pcapng; pick the classic pcap format in the save dialog if a tool you want to share the file with only reads pcap.
Then reopen them anytime for deeper analysis or to share with teammates.
Bonus Tips
- Use “Statistics → Protocol Hierarchy” to see which protocols dominate your capture.
- The “Endpoints” view shows all IPs communicating — great for spotting unknown devices.
- Combine Wireshark with tools like Nmap or tcpdump for pro-level network forensics.
Final Thoughts
Wireshark isn’t just a hacker’s toy — it’s one of the best learning tools for anyone in cybersecurity or networking.
Once you understand how data moves through packets, you’ll start thinking like a network analyst (or an ethical hacker).
Need a tutorial for any tool? Drop it in the comments...