Wireshark
Last updated
Wireshark is a network traffic monitoring tool.
This is covered really well here
Add any field as a custom column (or do it from the preferences).
Add a GeoIP database, then go to Statistics > Endpoints and you can see the IPs plotted on a map.
Decrypt TLS by importing the cert.
You can capture packets from an interface on a remote machine using SSH and tcpdump.
On Mac/Ubuntu this is built into Wireshark by default, and you can select it as an option from the capture interface screen. (I think on Windows there's a plugin. Go find out and update this wiki!)
You just give it the SSH details and it runs tcpdump on the remote machine.
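The same thing done by hand, as an added example that is not part of the original wiki page: an ssh session runs tcpdump on the remote box and streams the pcap to a local Wireshark. It assumes ssh, a remote tcpdump the login user is allowed to run, and a local wireshark binary; the host and interface names are placeholders.

```shell
#!/bin/sh
# Added example: manual equivalent of Wireshark's SSH remote capture.
# Assumes: ssh reachable, tcpdump on the remote host (user needs capture
# rights, e.g. root or CAP_NET_RAW, since there is no tty for a sudo prompt),
# and wireshark installed locally.
set -eu

# Build the tcpdump command to run remotely. -U flushes each packet to the
# pipe so Wireshark sees them live; -w - writes pcap to stdout.
# The capture filter excludes the SSH session that carries the capture
# itself; without it every packet written to the pipe shows up as new
# SSH traffic on the wire and is captured again, inflating the capture.
remote_capture_cmd() {
  iface=$1
  ssh_port=$2
  echo "tcpdump -i $iface -U -w - 'not (tcp port $ssh_port)'"
}

# Usage: run_remote_capture user@remote-host eth0 [ssh_port]
# (host and interface are placeholders, not real targets).
run_remote_capture() {
  host=$1
  iface=$2
  ssh_port=${3:-22}
  ssh -p "$ssh_port" "$host" "$(remote_capture_cmd "$iface" "$ssh_port")" \
    | wireshark -k -i -
}
```

Stopping the local Wireshark closes the pipe, which ends the remote tcpdump, so nothing keeps capturing after you leave.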