The Ultimate Guide to Using Packet Capture Software: Wireshark Explained

1. What is Wireshark?

Wireshark is one of the best packet capture tools for network analysis and a good starting point for anyone new to network security. This article includes material from PingingLab's instructor Chen Xinjie, whose tutorials are highly recommended. We hope readers find it useful.

Wireshark is network packet analysis software: it captures packets from a network interface and displays as much detail about them as it can decode. On Windows it uses the WinPcap driver (current releases bundle its successor, Npcap) as the interface to the network card; on Linux and macOS it uses libpcap. Network packet analysis software used to be expensive or proprietary. The appearance of Ethereal changed this: under the GNU General Public License (GPL), users can obtain the software and its source code for free and may modify and customize the source. Ethereal, renamed Wireshark in 2006, became one of the most widely used network packet analyzers worldwide.

Wireshark is currently the most widely used open-source packet capture tool. Its predecessor, Ethereal, a general-purpose network sniffer and protocol analyzer, was written by Gerald Combs and released under the GPL in 1998. Network engineers use Wireshark for troubleshooting, security engineers use it for security assessment, and test and software engineers use it to debug application protocols.

Wireshark's basic functions are capturing live packets from a network interface, opening capture files saved by Wireshark, tcpdump and other tools, displaying each packet with its decoded protocol layers, and filtering, searching, colorizing and producing statistics over the captured packets.

So, where do we download this software? Kali Linux ships with Wireshark preinstalled; on Windows it can be downloaded from the official website, https://www.wireshark.org.

Similar related software: Sniffer, Fiddler, Omnipeek, HttpWatch, and Kolai Network Analysis System, etc. Note that Fiddler and HttpWatch work as HTTP-level proxies or browser plugins rather than capturing raw frames from the network card.

2. Wireshark Installation

Installation is straightforward, as follows.

Step 1: Directly run the EXE, and click Next.

Step 2: Choose the components to install. Wireshark is the graphical main program, TShark is the command-line version of the analyzer, Plugins & Extensions are the dissector plugins, Tools are the command-line utilities (editcap, mergecap, capinfos, text2pcap and others), and the User's Guide is the offline help documentation.

Step 3: Default selection is sufficient.

Step 4: Choose the installation path. A path containing only ASCII characters (no Chinese or other non-ASCII characters) is recommended to avoid path-handling problems.

Installation complete.

3. Capturing Website Usernames and Passwords with Wireshark

The following simple example demonstrates the basic workflow of capturing and inspecting packets with Wireshark.

Step 1: Choose the target website and obtain its IP address, for example with the ping command. Here we use Webmaster's Home as an example; its IP address is:

Step 2: Open Wireshark, select the network interface that carries your traffic, and start capturing (the interface can also be chosen under Capture > Options).

Step 3: Once capture starts, the main window lists packets as they arrive, as shown below.

Step 4: Open the target website and refresh it, then input the username and password to log in.

Step 5: After logging in successfully, stop the capture and apply a display filter of the form ip.addr == <target IP> && http to show only the HTTP traffic exchanged with that address. If the site sits behind a CDN or load balancer and resolves to several addresses, filtering on the Host header instead (http.host contains "<site name>") is more reliable.

Step 6: Inspecting the HTML login form shows that it submits with the POST method, which is the common case; with a GET form the fields would instead appear as parameters in the request URL. The packets marked POST are the login requests.

Step 7: Click the POST request whose URL contains "login", and in the packet details pane expand the last node, "HTML Form URL Encoded: application/x-www-form-urlencoded", to see the submitted username and password as shown below. If the site hashes the password with MD5 on the client side, the field will be a 32-character hexadecimal digest. MD5 is a hash, not encryption, so it cannot be decrypted; the "online MD5 decryption" sites simply look the digest up in precomputed tables of common passwords, which succeeds only when the password is weak enough to be in such a table.

At this point we have captured our own login credentials with Wireshark. The same technique exposes other users' credentials whenever their traffic reaches your interface unencrypted: on an open (unencrypted) Wi-Fi network every client can see every other client's frames, and a plaintext HTTP login carries the username and password in the clear. Two conditions limit this. On a WPA2 network each client's frames are encrypted with a pairwise key, so another client's traffic cannot be read without the network passphrase and a capture of that client's handshake, and on a switched wired LAN other hosts' unicast frames are not delivered to your port at all. And when the site is served over HTTPS, Wireshark shows only TLS records, not the form fields. Only capture traffic you are authorized to inspect. The practical lesson is to avoid logging in over plain HTTP on open Wi-Fi networks when outside.

Step 8: If no display filter is applied, all captured packets are shown, as below.

Step 9: Finally, some other useful filters. To show only form submissions sent with POST (remember that GET forms put their parameters in the request URL instead), use the display filter http.request.method == "POST".

Rules for filter expressions: a display filter compares a protocol field against a value with ==, !=, >, <, >= or <= (for example ip.addr == 192.168.1.1, tcp.port == 80, http.request.method == "POST"), and a bare protocol name such as http, tcp or dns matches every packet that contains that protocol. Display filters (applied to packets already captured) use this syntax; capture filters set before capturing use the different BPF syntax (for example host 192.168.1.1 and port 80).

Step 10: Filter rules can be combined with && (and), || (or) and ! (not), for example ip.addr == 192.168.1.1 && http.request.method == "POST", as shown below.
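The filtering and decoding done by hand in Steps 5 to 9, worked through as an added Python example (this is not code from the original article or from the Wireshark project): it writes a small pcap file in memory containing constructed traffic, applies the equivalent of the display filter ip.addr == <target> && http.request.method == "POST", decodes the urlencoded form body that Wireshark shows under "HTML Form URL Encoded", and shows that an "online MD5 decryption" is really a lookup against precomputed hashes of common passwords. The addresses, host name, user names, passwords and word list are all invented for the example.

```python
"""Added example (not from the original article): build a pcap in memory,
apply the equivalent of  ip.addr == TARGET && http.request.method == "POST",
and decode the urlencoded login form, then try a word list on MD5 digests."""
import hashlib
import struct
from urllib.parse import parse_qs

TARGET_IP = "203.0.113.10"   # assumed target web server (documentation range)
CLIENT_IP = "192.168.1.20"   # assumed capturing client


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def build_frame(src, dst, sport, dport, payload):
    """Ethernet + IPv4 + TCP headers around a payload. Checksums are left at
    zero: Wireshark still dissects such frames and the parser below ignores them."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     ip_to_bytes(src), ip_to_bytes(dst))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """pcap global header (magic 0xa1b2c3d4, link type 1 = Ethernet) followed by
    one 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (src_ip, dst_ip, tcp_payload) for each TCP-over-IPv4 frame."""
    off = 24
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if struct.unpack_from("!H", frame, 12)[0] != 0x0800 or frame[14 + 9] != 6:
            continue
        ihl = (frame[14] & 0x0F) * 4
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        tcp_off = 14 + ihl
        data_off = (frame[tcp_off + 12] >> 4) * 4
        yield src, dst, frame[tcp_off + data_off:]


def match_post_to_target(src, dst, payload, target):
    """Equivalent of the display filter: ip.addr == target && http.request.method == "POST"."""
    return target in (src, dst) and payload.startswith(b"POST ")


def extract_form(payload):
    """Split the HTTP request at the blank line and decode the urlencoded body."""
    _head, _sep, body = payload.partition(b"\r\n\r\n")
    return {k: v[0] for k, v in parse_qs(body.decode()).items()}


def lookup_md5(hexdigest, wordlist):
    """What an 'online MD5 decryption' site really does: compare the digest with
    precomputed hashes of common passwords. Returns None when it is not listed."""
    for word in wordlist:
        if hashlib.md5(word.encode()).hexdigest() == hexdigest:
            return word
    return None


def http_post(body):
    return (b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed traffic: a GET (not matched), a plaintext POST to the target, a POST
# to another host (not matched) and a POST whose password is an MD5 digest.
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT_IP, TARGET_IP, 50000, 80, b"GET /login HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    build_frame(CLIENT_IP, TARGET_IP, 50001, 80, http_post(b"username=alice&password=Secret123")),
    build_frame(CLIENT_IP, "198.51.100.7", 50002, 80, http_post(b"username=eve&password=other")),
    build_frame(CLIENT_IP, TARGET_IP, 50003, 80,
                http_post(b"username=bob&password=" + hashlib.md5(b"123456").hexdigest().encode())),
])


def captured_logins(pcap_bytes=SAMPLE_PCAP, target=TARGET_IP,
                    wordlist=("password", "123456", "qwerty")):
    """Apply the filter, decode each matching form, and try the word list on any
    password that looks like an MD5 digest (32 hex characters)."""
    results = []
    for src, dst, payload in parse_pcap(pcap_bytes):
        if not match_post_to_target(src, dst, payload, target):
            continue
        form = extract_form(payload)
        pw = form.get("password", "")
        looks_md5 = len(pw) == 32 and all(c in "0123456789abcdef" for c in pw)
        results.append((form.get("username"), pw, lookup_md5(pw, wordlist) if looks_md5 else None))
    return results


if __name__ == "__main__":
    for user, pw, cracked in captured_logins():
        print(user, pw, "->", cracked)
```

Writing SAMPLE_PCAP to a file and opening it in Wireshark with the same display filter shows the same two POST packets; the command-line equivalent is tshark -r file.pcap -Y 'http.request.method == "POST"'. The GET request and the POST to the other host are dropped by the filter, and only the weak password that appears in the word list is recovered from its digest.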

4. Conclusion

With this, the eighth article in the network security series is finished. We hope you like it, and if there are any errors or shortcomings, please bear with us. Wireshark is closely tied to network protocols: HTTP, FTP, Telnet, the TCP/IP protocol stack, routing protocols (RIP/EIGRP/OSPF/IS-IS/BGP), and LAN switching and gateway redundancy protocols (trunking/VTP/STP/HSRP), as shown below. Subsequent articles will explain these in more detail together with the principles of packet capture. Keep pushing forward.