Hackers and attackers use network sniffing tool for reconnaissance. It is an important tool to understand security risk. Attackers use a network sniffer to intercept transmitted data and credential. So, learning about capabilities and limitation of packet sniffer is essential for the best ethical hacker. In this post, I will explore you one of the best network sniffing tool – Wireshark and TCPdump.
In my previous post, I already explain how cybercriminal makes attacks using network reconnaissance. This article, you will understand network packet tracing techniques. So, this is an important phase to avoid network attacks.
Wireshark Network Analyzer Features
Wireshark is the most widely used Unix/ Linux tool to record network traffic. It is graphical application and runs on the most popular platform like Linux and Windows operating system.
Wireshark can read files from captured traffic TCPdump, Microsoft network monitor and many others. It can grab live data over Ethernet, FDDI, PDP token ring, IEEE 802.11 and loopback interfaces.
Once network data fetched, captured network traffic can be reviewed and analysed using GUI or with text mode comparison program. Wireshark filters and parses traffic arrests and save output in various formats. You can download Wireshark from here.
Tcpdump Packet Analyser Features
Tcpdump is hugely popular most Unix/ Linux-based tool. It is used to record network traffic. The best feature of Packet analyser is, is can capture data with full range user specified criteria.
It is available in Linux distribution, or you can download it from http://www.tcpdump.org/
It is command line packet analyser which has portable C/C++ library for network traffic capture.
How to use Wireshark network sniffing tool.
Step 1: From your desktop search Wireshark icon .and double click on Wireshark.
Step 2: