Learning Python Network Programming

(Sean Pound) #1

Working with Wireshark


Wireshark


The program that we're going to take a look at is called Wireshark. It's an open
source packet sniffer with support for interpreting a vast range of network protocols.


Installation


For Windows and Linux, Wireshark can be downloaded from http://www.wireshark.org. On Debian, Ubuntu, RHEL, CentOS, and Fedora it's available as the wireshark package.


You'll need root or administrator access in order to install it. On Windows, the installer also needs a packet capture driver: older releases shipped WinPcap, current ones bundle Npcap. Install or update it if the installer asks you to, and allow the driver to start at boot when prompted if you want capturing to work without re-running the installer. That driver is what gives user-space programs raw access to the network interfaces, so on a shared machine consider the Npcap installer's option to restrict driver access to administrators only.


On Debian and Ubuntu, you will need to configure Wireshark to allow regular users
to run captures. Run the following command:


$ sudo dpkg-reconfigure wireshark-common


Answer Yes to "Should non-superusers be able to capture packets?". This does not by itself let every user capture: it grants the capture capabilities to the dumpcap helper and restricts that binary to the wireshark group, so only members of the group gain the privilege. Treat membership as sensitive, since anyone in the group can read all traffic passing through the host's interfaces. Add your own user now, for example:


$ sudo usermod -aG wireshark myuser


The -a flag matters: without it, usermod replaces your existing supplementary groups instead of adding to them. Group membership is only picked up by new login sessions, so you'll need to log out and log in again for this to take effect, or possibly even reboot. Other Linux distributions have their own procedures; check their documentation, or the Wireshark wiki page on assigning capture privileges at http://wiki.wireshark.org/CaptureSetup/CapturePrivileges.


If you run into trouble at any point, you can get further help regarding the installation on the wiki at http://wiki.wireshark.org/CaptureSetup.


Once configured, on Linux, run wireshark as your normal user in an X session to start the graphical interface. Don't launch it with sudo: the point of the group setup is that only the small dumpcap helper holds the capture privilege, while the GUI and its protocol dissectors, which parse untrusted data straight off the wire, run unprivileged.
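The following script is an added example, not code from the book: it checks that the Debian/Ubuntu non-root capture setup above ended up the way it should, with your user in the capture group, the capabilities on dumpcap only, and dumpcap confined to that group. It assumes dumpcap is at /usr/bin/dumpcap and the group is named wireshark (the Debian defaults), and that GNU stat and getcap (package libcap2-bin) are installed; the helper names are the example's own.

```sh
#!/bin/sh
# Added example (not from the book): sanity-check the Debian/Ubuntu non-root
# capture setup. Assumes dumpcap lives at /usr/bin/dumpcap and the capture
# group is named "wireshark", as on Debian and Ubuntu.

DUMPCAP=/usr/bin/dumpcap
CAPGROUP=wireshark

# Return 0 if the group list (as printed by `id -nG`) contains the capture group.
in_capture_group() {
    for g in $1; do
        if [ "$g" = "$CAPGROUP" ]; then
            return 0
        fi
    done
    return 1
}

# Return 0 if a `getcap` line shows dumpcap carrying both capabilities it needs:
# cap_net_raw (open raw sockets) and cap_net_admin (put interfaces into
# promiscuous mode), in the effective and permitted sets. Older libcap prints
# "=eip", newer prints "=ep"; both are accepted.
has_capture_caps() {
    case "$1" in
        *cap_net_raw*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *cap_net_admin*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *=eip|*=ep) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if dumpcap is group-owned by the capture group and carries no
# "other" permissions, i.e. the privilege is confined to group members.
# $1 is the output of `stat -c '%G %a'` (group name, octal mode).
is_group_confined() {
    set -- $1
    [ "$1" = "$CAPGROUP" ] || return 1
    # The last octal digit is the "other" permission; 0 means no access.
    case "$2" in
        *0) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check: run on the machine after dpkg-reconfigure and usermod.
check_capture_setup() {
    [ -e "$DUMPCAP" ] || { echo "no dumpcap at $DUMPCAP"; return 1; }
    in_capture_group "$(id -nG)" \
        || { echo "user not in group $CAPGROUP (log out and in after usermod -aG)"; return 1; }
    command -v getcap >/dev/null 2>&1 \
        || { echo "getcap not found; install libcap2-bin"; return 1; }
    has_capture_caps "$(getcap "$DUMPCAP")" \
        || { echo "dumpcap lacks cap_net_raw/cap_net_admin; rerun dpkg-reconfigure wireshark-common"; return 1; }
    is_group_confined "$(stat -c '%G %a' "$DUMPCAP")" \
        || { echo "dumpcap is not confined to group $CAPGROUP; check its owner and mode"; return 1; }
    echo "non-root capture is set up and confined to group $CAPGROUP"
    return 0
}

# Usage: sh check_capture.sh --check
if [ "${1:-}" = "--check" ]; then
    check_capture_setup
fi
```

Each failure message names the step of the procedure to repeat. If the last check fails because dumpcap is world-executable, the capabilities are available to every local user, not just the group, which is exactly what answering Yes to the dpkg-reconfigure question is meant to avoid.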


Capturing some packets


Once you have Wireshark installed and running, you'll see a window that looks
like this:
