Wireshark is a common tool on both Linux and Windows to observe network traffic and learn how your computer communicates with the outside world and vice versa. The USF Cybersecurity Major uses Wireshark extensively in some of its later courses.
Installing Wireshark
Download the installer for your operating system; Wireshark runs on Windows and Mac. Note that on Windows you may also need to download and install a packet sniffing tool called Npcap, if you do not have it already.
You can install it on Linux with your favorite package manager, usually from the wireshark package.
Opening it up and picking the right adapter
Wireshark is known for being able to analyze network traffic, and that can be done in two ways: you can open a file containing a dump of previously captured packets, usually a .pcap or .pcapng file, or you can capture live traffic as it flows.
To start sniffing your network traffic, select the network interface you want to listen on. The right one depends on how your computer is set up. Is it plugged into the internet with an Ethernet cable? Then Ethernet 2 (Windows), enp42s0 (Linux), ens3 (Linux) or some variation may be the right adapter name. Are you connected via WiFi? Then Wi-Fi (Windows), wlp5s0 (Linux) or some variation is probably the right adapter name. Don't use "any" or "Loopback": the first will give you too much data and the second will be useless.
What is going on?
If you've done everything right so far, you should see a lot of information flying by on your screen very quickly; do not panic. In a live capture of your internet traffic, each line is a packet that your computer sent or received, ordered by frame number ("No.") and time received ("Time"), in seconds since the capture started. You may want to stop the capture after a couple of seconds, using the red square button at the top left, before your memory fills up.
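To make the "No." and "Time" columns concrete, here is a small parser for the classic .pcap format mentioned above that numbers each frame from 1 and reports its time as seconds since the first frame, exactly as Wireshark's list does. This is an added example, not code from the guide or from the Wireshark project; it recognises a .pcapng file by its Section Header Block magic but only walks classic pcap, and the three-frame capture it builds is constructed dummy data rather than a real trace.

```python
import struct
from dataclasses import dataclass
from typing import List

# Magic numbers of the two capture formats Wireshark opens.
PCAP_MAGIC_USEC = 0xA1B2C3D4        # classic libpcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D        # classic libpcap, nanosecond timestamps
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"    # pcapng Section Header Block type, same in either byte order

GLOBAL_HEADER = 24   # bytes: magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
RECORD_HEADER = 16   # bytes: ts_sec, ts_frac, incl_len, orig_len


@dataclass
class Frame:
    no: int          # Wireshark "No." column: 1-based frame number
    time: float      # Wireshark "Time" column: seconds since the first frame
    caplen: int      # bytes actually captured
    origlen: int     # bytes on the wire
    data: bytes


def detect_format(data: bytes) -> str:
    """Tell classic pcap from pcapng by the first four bytes."""
    if len(data) < 4:
        raise ValueError("file too short to be a capture")
    if data[:4] == PCAPNG_SHB:
        return "pcapng"
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            return "pcap"
    raise ValueError("not a pcap or pcapng file")


def parse_pcap(data: bytes) -> List[Frame]:
    """Walk a classic pcap file and number/time each frame like Wireshark does."""
    if detect_format(data) != "pcap":
        raise ValueError("only classic pcap is parsed here; pcapng needs a block parser")
    if len(data) < GLOBAL_HEADER:
        raise ValueError("truncated global header")
    # Byte order and timestamp resolution both come from the magic number.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    resolution = 1_000_000 if magic == PCAP_MAGIC_USEC else 1_000_000_000
    _, _, _, _, snaplen, _ = struct.unpack(endian + "HHiIII", data[4:GLOBAL_HEADER])

    frames: List[Frame] = []
    offset = GLOBAL_HEADER
    first_ticks = None
    while offset < len(data):
        if offset + RECORD_HEADER > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + RECORD_HEADER])
        if incl_len > snaplen:
            raise ValueError(f"record at offset {offset} exceeds snaplen {snaplen}")
        start = offset + RECORD_HEADER
        end = start + incl_len
        if end > len(data):
            # A capture cut off mid-packet (e.g. the capture tool was killed) ends here.
            raise ValueError(f"truncated packet data at offset {start}")
        ticks = ts_sec * resolution + ts_frac   # integer math, no float drift
        if first_ticks is None:
            first_ticks = ticks
        frames.append(Frame(
            no=len(frames) + 1,
            time=(ticks - first_ticks) / resolution,
            caplen=incl_len,
            origlen=orig_len,
            data=data[start:end],
        ))
        offset = end
    return frames


def build_sample_pcap() -> bytes:
    """Constructed sample: a little-endian microsecond pcap holding three dummy frames."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    out = bytearray(header)
    base = 1_700_000_000
    for i, (sec, usec) in enumerate([(base, 0), (base, 500_000), (base + 1, 250_000)]):
        payload = bytes([i]) * (14 + i)   # placeholder bytes, not a real Ethernet frame
        out += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return bytes(out)


if __name__ == "__main__":
    for f in parse_pcap(build_sample_pcap()):
        print(f"{f.no:>4}  {f.time:>10.6f}  {f.caplen:>5} bytes")
```

The timestamps are kept as integer ticks and only divided once at the end, so the relative "Time" values are exact; a file that ends mid-packet (what you get if a capture is interrupted before it is written out cleanly) raises an error instead of silently producing a short last frame.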
This part of the guide has not been written yet 😢