Wireshark is a free and open-source network packet analyzer: it captures the packets passing through a network interface and lets you inspect them. It is used for network troubleshooting, security analysis, and communications-protocol development.
Wireshark was originally released under the name Ethereal.
It is cross-platform (it runs on several operating systems) and uses the pcap API to capture packets (libpcap on Linux and macOS, Npcap on Windows).
Being cross-platform, Wireshark runs on Windows, macOS, and Linux.
What do we have for you
- How To install Wireshark
- Things We Can Do with Wireshark
- History Of Wireshark
- Nmap & Wireshark
- Using Wireshark and Nmap
How To Install Wireshark
- Installing Wireshark on Windows
- Wireshark on Linux
- Installing Wireshark on Mac
Let's start with Windows. Visit the official Wireshark website and download the installer that matches your system (64-bit Windows is the common case).
Run the installer; it also offers to install Npcap, the capture driver Wireshark needs on Windows, so accept that step. Installation is straightforward, but check the system requirements first: on an under-powered machine a large capture can slow the whole system down.
Wireshark on Linux:
If your distribution already ships Wireshark, update it with your package manager (on Debian and Ubuntu, sudo apt update followed by sudo apt upgrade) to get the latest packaged version.
If it is not installed, the Linux download page on the official website points you to your distribution's package; on Debian and Ubuntu that is sudo apt install wireshark. Capturing requires raw access to the network interface, so the package asks whether non-root users should be allowed to capture. Answer yes (the question can be re-run later) and add your own account to the wireshark group:
sudo dpkg-reconfigure wireshark-common
sudo adduser $USER wireshark
Group membership takes effect at your next login, so log out and back in before capturing. That's all; Wireshark is installed, and the same apt upgrade keeps it at the latest version.
Now coming onto How to install Wireshark in Mac:
On macOS the installation is manual: download the macOS disk image (.dmg) from the official site, making sure it is the macOS build for your Mac's processor (Intel or Apple silicon), open it and drag Wireshark into Applications. A package built for another platform will not install.
Things We Can Do with Wireshark
Capture live packet data: after installing Wireshark, open it and you are shown the list of network interfaces. Double-click the interface you want to capture on.
For example, to capture the traffic of a wireless network such as your Wi-Fi, choose the wireless interface. Before starting, you can adjust advanced settings (capture filter, promiscuous mode, file rotation) under Capture > Options.
Change those only if you know what they do; otherwise start the capture with the defaults, which are fine for a first look.
While the capture runs, and after you stop it, you can inspect every packet that was recorded.
Everything captured is stored as packets, in the order they were seen.
All traffic between your device and the network that the interface can see is recorded. You can save the capture to a file (Wireshark's default format is pcapng) and analyze it whenever you want.
Once you are capturing, a login by another device on the same Wi-Fi (signing in to Google, Facebook or any other site) generates packets that, if your interface can see them, end up in Wireshark. Two caveats decide whether you can read anything. First, on a WPA2-protected network the frames of other clients are encrypted at the Wi-Fi layer, and Wireshark can only decrypt them if you supply the network key and captured that client's 4-way handshake (on an open hotspot, a hub or a mirrored switch port this step is not needed). Second, practically every major site logs you in over HTTPS, so the password itself is inside TLS and Wireshark shows only the encrypted connection. Credentials are readable in the clear only for protocols that send them unencrypted, such as HTTP, FTP, Telnet, and POP3 or IMAP without TLS.
The packet list is shown as a table, one row per packet, with columns for number, time, source, destination, protocol, length and a short info summary; to extract anything you have to dig into the individual packets.
The display filter bar narrows the list to the packets you care about. For example, to see how many HTTP packets were captured, type http (lowercase) in the filter bar and press Enter: only packets with protocol HTTP remain, and the status bar shows how many are displayed.
To see what a packet carries, click it and the packet details pane below decodes it layer by layer (Ethernet, IP, TCP, application protocol); double-click to open it in its own window. For a conversation rather than one packet, right-click a packet and choose Follow > TCP Stream to reassemble the whole exchange.
For cleartext protocols every field is right there in the decoded layers: hostnames, URLs, cookies, HTTP headers and, for a form login, the submitted field values. Knowing a little about how HTML forms encode their data (application/x-www-form-urlencoded) lets you recognize the username and password fields in the request body.
With a captured cleartext password you can sign in to that account; that is the whole of what packet analysis gives you. The victim's IP address adds nothing: websites identify a logged-in user by credentials and session cookie, not by source IP, and the addresses Wireshark shows on a Wi-Fi network are private ones (10.x.x.x, 192.168.x.x) behind the router, shared and reassigned over time.
Getting at credentials that are not sent in the clear requires a different technique altogether, such as a phishing page or a malicious payload (an application of your own run on the victim's device); those are not packet analysis and Wireshark plays no part in them.
If you have access to a device on the network, visiting a site such as whatismyip shows the network's public IP address. That is the router's address, shared by every device behind it, so it identifies the network rather than the victim.
Once an attacker has a working password, logging in, reading the account and changing the password are all possible, which is why capturing it matters. If two-factor authentication is enabled, the password alone is not enough: both the login and the password-change flow demand the second factor, which is precisely what 2FA is for.
The lesson for the victim is that anyone on the same network who can see their traffic reads whatever they send in the clear, without them ever noticing; the lesson for the analyst is that this only works against cleartext logins.
History Of Wireshark
Wireshark is a free and open-source project started in 1998 by Gerald Combs under the name Ethereal; it is now maintained by a group of contributors known as the Wireshark Team. The tool is written mostly in C (its Qt user interface is C++), which makes it fast and robust. Note that display filters are case-sensitive: http is the HTTP protocol filter, whereas HTTP is not recognized as a field or protocol name.
Wireshark is an important tool for penetration testers and ethical hackers. It is easy to use and ships with a large number of built-in dissectors and analysis tools.
It also color-codes packets: each row in the packet list is colored according to a set of coloring rules (View > Coloring Rules) that match on packet fields, so you can tell the type of traffic at a glance. By default, for example, TCP is light purple, UDP is light blue, HTTP is light green and TCP problems such as retransmissions are black. The rules are editable, and the feature exists to speed up analysis.
Because of these strengths it is used by many kinds of professionals:
- Network administrators use Wireshark to troubleshoot network problems
- Network security engineers use it to examine security incidents and suspicious traffic
- Developers use it to debug protocol implementations
- Students and hobbyists use it to learn network protocol internals and how packet capture works
Nmap & Wireshark
Both tools are easy and handy to use. In this part we look at what an Nmap scan looks like when captured with Wireshark.
Before working with Nmap, let us first see what it is. Nmap (Network Mapper) is a free, open-source tool for network discovery and security auditing. Network administrators and IT specialists use it to find out which hosts are up on their network, which services those hosts expose, and, with its scripting engine, whether certain known weaknesses are present.
Nmap finds open ports, identifies services and operating systems, and can sweep large numbers of hosts. It has been developed continuously since 1997 and is extremely flexible.
Its port scanner works by sending crafted packets (raw packets when run with sufficient privileges) to the target's ports and interpreting the reply, or the absence of one: a port is reported as open, closed or filtered depending on whether the target answered with an acceptance, a rejection, or nothing at all. Nmap does not listen on the target's ports; it observes how the target reacts to its probes.
Using Wireshark and Nmap
TCP connect scan and SYN scan: Nmap's TCP scans probe a set of ports (by default the 1,000 most common ones, or a list given with -p such as 21, 22, 25, 80 and 443) and decide whether each one is listening from how the target responds to the first step of the three-way handshake.
For an open port the scanner sends a SYN and the target answers with SYN/ACK. For a closed port the target answers with RST. If nothing comes back (or an ICMP unreachable does), Nmap reports the port as filtered. A connect scan (-sT) then completes the handshake with an ACK through the operating system's socket API, exactly like a normal client, whereas a SYN scan (-sS, the default when Nmap runs as root) never completes it: on seeing SYN/ACK it sends a RST and moves on, which is why it is called half-open.
Now run the Nmap TCP scan against your target and, at the same time, start a Wireshark capture on the interface that reaches it, with a display filter of tcp and the target's address so that only the scan traffic is listed.
Look at the sequence of packets between source and destination in Wireshark.
You will see exactly the exchange that Nmap's output reflects: the source sends SYN, an open port replies SYN/ACK, a closed port replies RST, and the packet that follows tells you which scan type ran (ACK for a connect scan, RST for a SYN scan).
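Nmap's port-state logic described above, and the Xmas-scan behaviour noted at the end of this page, can be reproduced from a capture. The following Python script is an added example, not code from the original page or from the Nmap project: it reads packet summaries in the tab-separated layout that tshark prints with -T fields (exported from a Wireshark capture of the scan), pairs each probe with its reply to classify the port exactly as described, tells a connect scan from a SYN scan by what the scanner sends after SYN/ACK, and includes a simple detection rule for spotting the scanner. The addresses, ports and packet lines are constructed for the example and are not a real capture.

```python
"""Added example, not from the original page or the Nmap project: infer port
states from a Wireshark capture of an Nmap scan by pairing each probe with its
reply, which is the logic Nmap applies internally. The sample is constructed by
hand in the tab-separated layout printed by
  tshark -r scan.pcapng -T fields -e frame.time_relative -e ip.src -e ip.dst \
         -e tcp.srcport -e tcp.dstport -e tcp.flags
It is not a real capture, and the addresses are made up."""
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # the flag set an Nmap -sX probe carries

SCANNER, TARGET = "10.0.0.5", "10.0.0.9"

# Constructed sample: a SYN scan of 22, 23 and 8080, then a Xmas scan of 80 and 443.
SAMPLE = """\
0.000000\t10.0.0.5\t10.0.0.9\t40001\t22\t0x0002
0.000412\t10.0.0.9\t10.0.0.5\t22\t40001\t0x0012
0.000530\t10.0.0.5\t10.0.0.9\t40001\t22\t0x0004
0.001004\t10.0.0.5\t10.0.0.9\t40002\t23\t0x0002
0.001388\t10.0.0.9\t10.0.0.5\t23\t40002\t0x0014
0.002011\t10.0.0.5\t10.0.0.9\t40003\t8080\t0x0002
0.503120\t10.0.0.5\t10.0.0.9\t40004\t80\t0x0029
0.503544\t10.0.0.9\t10.0.0.5\t80\t40004\t0x0014
0.504099\t10.0.0.5\t10.0.0.9\t40005\t443\t0x0029
"""


def parse_tshark_fields(text):
    """Turn tshark -T fields lines into dicts; tcp.flags is printed as hex."""
    packets = []
    for line in text.strip().splitlines():
        t, src, dst, sport, dport, flags = line.split("\t")
        packets.append({"t": float(t), "src": src, "dst": dst,
                        "sport": int(sport), "dport": int(dport),
                        "flags": int(flags, 16)})
    return packets


def infer_port_states(packets, scanner, target):
    """Classify each probed port the way Nmap does, from the reply it got."""
    probes, replies = {}, defaultdict(list)
    for p in packets:
        if p["src"] == scanner and p["dst"] == target and not p["flags"] & ACK:
            # The first ACK-less packet per connection is the probe; a later RST
            # from the scanner is only the half-open teardown, so keep the first.
            probes.setdefault((p["sport"], p["dport"]), p["flags"])
        elif p["src"] == target and p["dst"] == scanner:
            replies[(p["dport"], p["sport"])].append(p["flags"])
    states = {}
    for (sport, dport), probe in probes.items():
        got = replies.get((sport, dport), [])
        if probe == SYN:  # -sS / -sT probe
            if any((f & (SYN | ACK)) == (SYN | ACK) for f in got):
                states[dport] = "open"
            elif any(f & RST for f in got):
                states[dport] = "closed"
            else:
                states[dport] = "filtered"  # nothing came back
        elif probe == XMAS:  # -sX probe, RFC 793 behaviour
            states[dport] = "closed" if any(f & RST for f in got) else "open|filtered"
        else:
            states[dport] = "unknown"
    return states


def handshake_completed(packets, scanner, target, dport):
    """True if the scanner answered SYN/ACK with ACK (connect scan, -sT);
    False if it tore the connection down with RST (SYN scan, -sS) or never got that far."""
    for p in packets:
        if p["src"] == scanner and p["dst"] == target and p["dport"] == dport:
            if p["flags"] & ACK and not p["flags"] & SYN:
                return True
            if p["flags"] & RST:
                return False
    return False


def syn_scan_sources(packets, min_ports=3):
    """Detection rule: sources that send bare SYNs to many distinct ports."""
    ports = defaultdict(set)
    for p in packets:
        if p["flags"] == SYN:
            ports[p["src"]].add(p["dport"])
    return sorted(src for src, seen in ports.items() if len(seen) >= min_ports)


if __name__ == "__main__":
    pkts = parse_tshark_fields(SAMPLE)
    for port, state in sorted(infer_port_states(pkts, SCANNER, TARGET).items()):
        print(f"{port:>5}/tcp {state}")
    print("handshake on 22 completed:", handshake_completed(pkts, SCANNER, TARGET, 22))
    print("scanning hosts:", syn_scan_sources(pkts))
```

To run it against a real capture, export the same six fields with tshark (its default field separator is a tab) and pass the file contents to parse_tshark_fields. The min_ports threshold in syn_scan_sources is deliberately low for the sample; in production detection it would be far higher and windowed over time.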
Used together like this, Nmap tells you the result and Wireshark shows you the evidence behind it, packet by packet, so you can verify the scan, spot filtering devices in the path, and understand what the target would see. Both tools are easy to set up, and pairing them is the best way to learn what a scan actually does on the wire.
Some further notes on the scans above and the tools involved:
- Host discovery: before port scanning, Nmap checks which hosts are up. For a privileged user it sends an ICMP echo request (ICMP type 8) to each target address, together with a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request. This process of finding the devices connected to a particular network is the "network mapping" in the tool's name.
- Xmas scan (-sX): the probe carries the FIN, PSH and URG flags set together, lighting the packet up "like a Christmas tree". Per RFC 793 a closed port answers with RST and an open port sends nothing, so Nmap reports open|filtered when no reply arrives. Operating systems and network devices differ in how they treat such packets (Windows and many Cisco devices reply with RST regardless of port state), so the responses reveal something about the target's TCP stack as well as the port state, and the scan is only reliable against RFC-compliant stacks.
- Wireshark is used to see the details of the packets coming in and going out.
- Nmap is used to send out packets to scan and discover other computers on a network.
- Zenmap is the graphical user interface (GUI) for Nmap.