Wireshark is a free and open-source packet analyzer used for troubleshooting, analysis, and forensics, which has many features and a rich GUI. Lisa Bock demonstrates TShark, Wireshark’s lightweight command-line partner.
- [Instructor] Most network administrators are familiar with Wireshark. It has a rich graphical interface with many built-in tools. However, you really should try TShark. It's a command-line tool, and it's very lightweight. You want to go into the command line interface and run as an administrator. First I'll want to get to the directory where Wireshark is, so I'll first want to change directories to Program Files, and because there's more than eight characters, I'm going to enclose that in quotes, then go to Wireshark.
I'm gonna build my command. It's important to know what interface you need, so if you have multiple interfaces, find out which one is active using ipconfig. So I built my command, so I want to use interface ethernet 2 with a duration of 10 seconds and write to a file tshark.pcap. Now it's complete and I can go get the file. I've located the file, and now I can open it in Wireshark, and there it is.
So you see you have some choices. For a lightweight application, use TShark and then bring it into Wireshark for a rich graphical experience.
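The capture described in the transcript, written out as a PowerShell script (an added example, not shown on the original page or taken from the course). The interface name, 10-second duration and file name come from the transcript; the install path under `$env:ProgramFiles`, the output location and the read-back summary step are assumptions.

```powershell
# Run from an elevated PowerShell prompt, as the transcript instructs.

# Assumed default install location; the transcript only names "Program Files" and "Wireshark".
$tsharkDir = Join-Path $env:ProgramFiles 'Wireshark'
$tshark    = Join-Path $tsharkDir 'tshark.exe'
if (-not (Test-Path $tshark)) {
    throw "tshark.exe not found in $tsharkDir"
}

# List the capture interfaces TShark can see (index and name), to compare with ipconfig.
& $tshark -D

# Values from the transcript; replace the interface with the one that is active on your host.
$iface   = 'Ethernet 2'
$seconds = 10

# Assumption: write to the current directory rather than into the Wireshark install folder.
$outFile = Join-Path (Get-Location) 'tshark.pcap'

# -i selects the interface, -a duration:N stops the capture after N seconds,
# -w writes raw packets to a file. Current TShark releases write pcapng by default
# regardless of the extension; add "-F pcap" if a tool needs classic pcap.
& $tshark -i $iface -a "duration:$seconds" -w $outFile
if ($LASTEXITCODE -ne 0) {
    throw "Capture failed (exit code $LASTEXITCODE). Check the interface name against 'tshark -D'."
}

# Confirm the file exists and holds data before opening it in Wireshark.
$file = Get-Item $outFile
"{0} written, {1} bytes" -f $file.FullName, $file.Length

# Read the capture back and print a protocol hierarchy summary without listing every packet.
# The -z value is quoted so PowerShell does not split it at the comma.
& $tshark -r $outFile -q -z 'io,phs'
```

The resulting file contains whatever crossed the interface during those 10 seconds, including any cleartext credentials, so store and share it accordingly.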
Note: The topics in this course will prepare you for key objectives on the Certified Ethical Hacker exam. Find an overview of the certification and the exam handbook at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Sniffing network traffic
- Passive vs. active attacks
- Comparing IPv4 to IPv6
- MAC and macof attacks
- Investigating DHCP attacks
- Detecting ARP and DNS spoofing
- Sniffing tools and techniques