Wireshark, formerly named Ethereal, is a program that runs on many operating systems, such as Windows, Linux, macOS and Solaris, and can analyze all the traffic passing through the network cards connected to the computer. It can analyze over 750 protocols, capture packets and save them to a file.
Logical operators can be used in any filter expression.
- Example:
http && ip.src == 192.168.0.1
- Management Frame: The frame for the connection between the network device and the client.
- Control Frame: Controls the integrity of data traffic between the network device and the client.
- Data Frame: The frame on which the original data is transferred.
- wlan.fc.type==0: Shows packets sent and received in management frames.
- wlan.fc.type==1: Shows packets sent and received in control frames.
- wlan.fc.type==2: Shows packets transferred in data frames.
- wlan.fc.type_subtype==0: Lists association requests.
- wlan.fc.type_subtype==1: Lists association responses.
- wlan.fc.type_subtype==4: Lists probe requests.
- wlan.fc.type_subtype==5: Lists probe responses.
- wlan.fc.type_subtype==8: Lists beacon signals.
- wlan.fc.type_subtype==11: Lists authentication requests.
- wlan.fc.type_subtype==12: Lists deauthentication requests.
- tcp.port == xx: Lists TCP packets with source or destination port xx.
- tcp.srcport == xx: Lists TCP packets with source port xx.
- tcp.dstport == xx: Lists TCP packets with destination port xx.
- udp.port == xx: Lists UDP packets with source or destination port xx.
- udp.srcport == xx: Lists UDP packets with source port xx.
- udp.dstport == xx: Lists UDP packets with destination port xx.
- http.request: Lists HTTP requests (GET as well as other methods).
- wlan.addr == MAC-Address: Lists packets whose source or destination MAC address matches.
- wlan.sa == MAC-Address: Lists packets with that source MAC address.
- wlan.da == MAC-Address: Lists packets with that destination MAC address.
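The wlan.fc.type and wlan.fc.type_subtype values above come from the first byte of the 802.11 frame control field. The following Python sketch is an added example, not part of the original page: it decodes that byte and tallies frames the way those filters would. The function names and the sample frames are constructed for illustration, and source/destination addresses are decoded for management frames only.

```python
from collections import Counter

# Names for the wlan.fc.type and management wlan.fc.type_subtype values above.
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
MGMT_SUBTYPES = {0: "association request", 1: "association response",
                 4: "probe request", 5: "probe response", 8: "beacon",
                 11: "authentication", 12: "deauthentication"}

def parse_header(frame: bytes) -> dict:
    """Decode the fields the wlan.* filters test from a raw 802.11 MAC header."""
    if len(frame) < 10:
        raise ValueError("shorter than the minimal 802.11 header")
    ftype = (frame[0] >> 2) & 0x3          # wlan.fc.type (bits 2-3)
    subtype = (frame[0] >> 4) & 0xF        # subtype (bits 4-7)
    info = {"type": ftype, "type_subtype": (ftype << 4) | subtype,
            "kind": FRAME_TYPES.get(ftype, "reserved"), "da": None, "sa": None}
    if ftype == 0:                         # management: addr1 = DA, addr2 = SA
        if len(frame) < 24:
            raise ValueError("truncated management header")
        info["kind"] = MGMT_SUBTYPES.get(subtype, "other management")
        info["da"], info["sa"] = frame[4:10].hex(":"), frame[10:16].hex(":")
    return info

def count_kinds(frames) -> Counter:
    return Counter(parse_header(f)["kind"] for f in frames)

def sources_for(frames, type_subtype: int) -> Counter:
    """Per-source tally, like filtering on wlan.fc.type_subtype then wlan.sa."""
    hits = (parse_header(f) for f in frames)
    return Counter(h["sa"] for h in hits if h["type_subtype"] == type_subtype)

def mgmt(subtype: int, da: str, sa: str) -> bytes:
    """Build a constructed 24-byte management header (BSSID set to sa)."""
    a1, a2 = bytes.fromhex(da.replace(":", "")), bytes.fromhex(sa.replace(":", ""))
    return bytes([subtype << 4, 0, 0, 0]) + a1 + a2 + a2 + b"\x00\x00"

# Constructed sample frames; the MAC addresses are made up.
AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [mgmt(8, "ff:ff:ff:ff:ff:ff", AP), mgmt(4, "ff:ff:ff:ff:ff:ff", STA),
          mgmt(12, STA, AP), mgmt(12, STA, AP),
          bytes([0xD4, 0]) + bytes(8),     # control frame (ACK), 10 bytes
          bytes([0x08, 0]) + bytes(22)]    # data frame

if __name__ == "__main__":
    print(count_kinds(SAMPLE))
    print(sources_for(SAMPLE, 12))
```

For control and data frames the combined value is type * 16 + subtype, so the ACK in the sample corresponds to wlan.fc.type_subtype == 29.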