1. Wireshark
Wireshark (formerly known as Ethereal) is network packet analysis software and the most widely used network protocol analyzer in the world. It runs on all major operating systems, including Windows, Linux, macOS and Solaris.
Kali Linux ships with Wireshark, so it can be used there directly; alternatively, download the Windows build and run it on Windows.
Use Wireshark to capture packets
1. Overview of promiscuous mode: in promiscuous mode the network card accepts every frame it sees on the wire, including frames not addressed to the local machine.
Turn promiscuous mode on and off in the capture options (Capture > Options).
Visit Baidu through a browser and capture the packets in Wireshark.
1. Use a display filter to show only TCP packets (filter: tcp)
2. Use a display filter to show only UDP packets (filter: udp)
The dns, nbns and oicq traffic shown in the result are all protocols carried over UDP at the transport layer.
3. Filter packets by IP address
ping 192.168.71.216
ip.src_host == 192.168.71.104 and ip.dst_host == 192.168.71.216
ip.src_host == 192.168.71.104 matches the source IP address
ip.dst_host == 192.168.71.216 matches the destination IP address
Use Wireshark to analyze common protocols
1. ARP protocol analysis
An ARP exchange consists of a request and a reply; from the reply we can read the other party's MAC address.
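The ARP request/reply pair described above, as an added example that is not part of the original page: a small Python decoder that builds two constructed frames (made-up MACs, the two IP addresses from the ping example), parses the fields Wireshark shows under "Address Resolution Protocol", and reads the peer's MAC out of the reply the way one would by eye in the capture.

```python
# Added example: decode ARP request/reply frames as Wireshark's details pane shows them.
import struct

ETHERTYPE_ARP, BROADCAST = 0x0806, b"\xff" * 6
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def build_arp(opcode: int, sender_mac: bytes, sender_ip: bytes,
              target_mac: bytes, target_ip: bytes) -> bytes:
    """Ethernet II header + ARP body (htype 1 Ethernet, ptype 0x0800 IPv4)."""
    eth_dst = BROADCAST if opcode == ARP_REQUEST else target_mac  # requests are broadcast
    eth = struct.pack("!6s6sH", eth_dst, sender_mac, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                      sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp

def parse_arp(frame: bytes) -> dict:
    """Return the fields Wireshark lists under 'Address Resolution Protocol'."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an Ethernet/ARP frame")
    opcode, sha, spa, tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
    return {
        "opcode": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(opcode, str(opcode)),
        "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha), "target_ip": ip_str(tpa),
    }

def resolve_mac(frames, ip: str):
    """Like reading the capture by eye: the MAC of `ip` is the sender MAC in its reply."""
    for frame in frames:
        try:
            arp = parse_arp(frame)
        except ValueError:
            continue  # skip non-ARP traffic, as the display filter 'arp' would
        if arp["opcode"] == "reply" and arp["sender_ip"] == ip:
            return arp["sender_mac"]
    return None

# Constructed exchange (not a real capture): .104 asks "who has .216?", .216 answers.
MAC_A, IP_A = bytes.fromhex("0a1b2c3d4e01"), bytes([192, 168, 71, 104])
MAC_B, IP_B = bytes.fromhex("0a1b2c3d4e02"), bytes([192, 168, 71, 216])
SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, MAC_A, IP_A, b"\x00" * 6, IP_B),
    build_arp(ARP_REPLY, MAC_B, IP_B, MAC_A, IP_A),
]
```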