Saturday, February 22, 2014

Wireshark at a glance

Wireshark, formerly known as Ethereal, is a tool that network administrators can use to sniff packets going across the wire. From this vantage point you can view many things, such as login credentials sent across the wire in clear text. You can also diagnose issues in an application your PC is running.

Wireshark is installed with promiscuous mode enabled, and this mode will allow you to sniff packets going across the network to and from any computer (all traffic).

The way a network admin stops this from happening is by creating VLANs, or Virtual Local Area Networks. By doing this, they can segment the network into many sub-groups and separate them with routers. If this has been done on a network, then you can only sniff the traffic in your own VLAN.

Go to the following link to download Wireshark: http://www.wireshark.org/download.html

The installation screen will give you the options shown below.


In order for Wireshark to work, you will need to install WinPcap. Allow it to do so when prompted.


When Wireshark opens, you will see the screen below. You will need to select an interface to listen for traffic on; this option is under the "Capture" section. Once you select an interface, click "Start" and you will begin to see traffic.



This is what the next screen looks like. You will of course see many updates happening, which is all the traffic occurring on your network/PC. You can stop the capture by clicking the square red button. This will NOT clear the screen, but it will let you analyze the data more easily.


If you cannot figure out which interface is active, you can click the button under "File" and it will bring up a window that helps you determine which one is active.


To take Wireshark out of promiscuous mode, go to "Capture" and select "Options". This brings up the window below; the circled area is the checkbox you can uncheck, or use to verify that this mode is active.
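As an added illustration of what promiscuous mode and VLAN segmentation mean at the frame level (this is not code from the original post), the Python below parses an Ethernet II header with an optional 802.1Q VLAN tag and decides whether a network card would hand a given frame to the capture driver when promiscuous mode is off. The MAC addresses and sample frames are constructed, and the function names are my own.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")

def _mac(text):  # 'aa:bb:cc:dd:ee:ff' -> six raw bytes
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Construct an Ethernet II frame, optionally with an 802.1Q tag (sample data only)."""
    header = _mac(dst) + _mac(src)
    if vlan is not None:
        header += struct.pack("!HH", 0x8100, vlan & 0x0FFF)  # TPID + TCI (PCP/DEI left 0)
    return header + struct.pack("!H", ethertype) + payload

def parse_ethernet(frame):
    """Return dst/src MAC, VLAN ID (None when untagged), EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    vlan_id, offset = None, 14
    if ethertype == 0x8100:  # 802.1Q tag: the TCI and the real EtherType follow
        if len(frame) < 18:
            raise ValueError("frame too short for an 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI carry the VLAN ID
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": vlan_id,
            "ethertype": ethertype, "payload": frame[offset:]}

def delivered_to_host(frame, my_mac, promiscuous):
    """Would the NIC pass this frame up to the capture driver (e.g. Wireshark)?
    Without promiscuous mode a card keeps only frames for its own MAC, the
    broadcast address or a multicast group (low bit of the first octet set); in
    promiscuous mode everything the switch/VLAN delivers to the port is kept."""
    if promiscuous:
        return True
    dst = _mac(parse_ethernet(frame)["dst"])
    return dst == _mac(my_mac) or dst == BROADCAST or bool(dst[0] & 1)

if __name__ == "__main__":
    me = "00:11:22:33:44:55"  # constructed MAC of the capturing host
    for name, frame in [  # constructed sample frames
        ("unicast to me", build_frame(me, "aa:bb:cc:dd:ee:01", 0x0800, b"ip...")),
        ("unicast to other host, VLAN 20", build_frame("66:77:88:99:aa:bb", "aa:bb:cc:dd:ee:02", 0x0800, b"ip...", vlan=20)),
        ("ARP broadcast", build_frame("ff:ff:ff:ff:ff:ff", "aa:bb:cc:dd:ee:03", 0x0806, b"arp...")),
    ]:
        print(name, "vlan:", parse_ethernet(frame)["vlan"], "normal:", delivered_to_host(frame, me, False), "promiscuous:", delivered_to_host(frame, me, True))
```

Only frames the switch actually forwards to your port can ever be captured, which is why the VLAN separation described above limits what promiscuous mode can see.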



Now you are ready to start sniffing traffic on your network!

Do not sniff traffic in public places where you do not have permission to be sniffing data. I am not responsible for ANY legal repercussions you can face for the misuse of this blog or product. This information is for educational purposes ONLY.
