Wednesday, February 1, 2012

How to capture packets using Wireshark/Aircrack/TCPDump

Capturing Packets
Analyzing captured packets shows you where your data is being sent to and received from. Here are some good tools and commands to get you going:

Wireshark: www.wireshark.org/
Install: sudo apt-get install wireshark
Different filters (the first is a capture filter, entered under Capture Options; the rest are display filters typed into the filter bar):
port 80
http contains "msg_text"
ip.addr == 192.168.2.8
ip.dst == 192.168.2.8
ip.src == 192.168.2.8
tcp.port == 80 || http
http.request.method == "GET"
http.request.method == "POST"
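To make clear what each of those display filters actually matches on the wire, here is an added example (not from the original post) in Python: it builds a small pcap file in memory from constructed Ethernet/IPv4/TCP frames, parses it back, and applies predicates equivalent to `ip.addr`, `ip.src`, `ip.dst`, `tcp.port`, `http.request.method` and `http contains`. The addresses, ports and HTTP requests are constructed sample data, and `contains` is simplified to search the TCP payload rather than the decoded HTTP layer.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Assemble a minimal Ethernet/IPv4/TCP frame carrying `payload`.
    Checksums are left at zero: the parser below never validates them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a classic libpcap file: 24-byte global header,
    then a 16-byte record header in front of each frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1328054400 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample traffic: two HTTP requests and one non-HTTP flow on port 443.
SAMPLE_PCAP = build_pcap([
    build_frame("192.168.2.8", "10.0.0.5", 51000, 80,
                b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame("192.168.2.8", "10.0.0.5", 51001, 80,
                b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 11\r\n\r\nmsg_text=hi"),
    build_frame("192.168.2.9", "10.0.0.5", 44000, 443, b"\x16\x03\x01\x00\x05hello"),
])


def parse_pcap(data):
    """Return one dict per TCP-over-IPv4 packet found in a pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue                      # not IPv4: skip (ARP, IPv6, ...)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4          # IPv4 header length incl. options
        if ip[9] != IPPROTO_TCP:
            continue                      # not TCP: skip (UDP, ICMP, ...)
        tcp = ip[ihl:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data_off = (tcp[12] >> 4) * 4     # TCP header length incl. options
        packets.append({
            "ts": ts_sec + ts_usec / 1e6,
            "src": socket.inet_ntoa(ip[12:16]),
            "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport,
            "dport": dport,
            "payload": tcp[data_off:],
        })
    return packets


# Predicates mirroring the Wireshark display filters listed above.
def ip_addr(pkt, addr):            # ip.addr == addr  (either direction)
    return addr in (pkt["src"], pkt["dst"])

def ip_src(pkt, addr):             # ip.src == addr
    return pkt["src"] == addr

def ip_dst(pkt, addr):             # ip.dst == addr
    return pkt["dst"] == addr

def tcp_port(pkt, port):           # tcp.port == port  (either end)
    return port in (pkt["sport"], pkt["dport"])

def http_request_method(pkt, method):   # http.request.method == "GET"
    first_line = pkt["payload"].split(b"\r\n", 1)[0]
    return (first_line.startswith(method.encode() + b" ")
            and first_line.endswith((b"HTTP/1.0", b"HTTP/1.1")))

def contains(pkt, needle):         # http contains "msg_text" (searches the TCP payload here)
    return needle.encode() in pkt["payload"]


def apply_filter(pcap_bytes, predicate):
    """Run a predicate over every parsed packet and return the matching ones."""
    return [p for p in parse_pcap(pcap_bytes) if predicate(p)]


if __name__ == "__main__":
    for label, pred in [
        ("ip.addr == 192.168.2.8", lambda p: ip_addr(p, "192.168.2.8")),
        ("tcp.port == 80", lambda p: tcp_port(p, 80)),
        ('http.request.method == "GET"', lambda p: http_request_method(p, "GET")),
        ('http contains "msg_text"', lambda p: contains(p, "msg_text")),
    ]:
        print(f"{label:32} -> {len(apply_filter(SAMPLE_PCAP, pred))} packet(s)")
```

Running it prints the number of sample packets each filter selects; the same `parse_pcap` works on a real file written by `airodump-ng` or `tcpdump -w` as long as the link type is Ethernet (a monitor-mode 802.11 capture uses a different link type and would be skipped by the Ethernet check).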

Aircrack suite: www.aircrack-ng.org/
Install: sudo apt-get install aircrack-ng
Different examples (airmon-ng puts wlan0 into monitor mode and prints the name of the monitor interface it created; older versions call it mon0, newer ones wlan0mon, so give airodump-ng whichever name it printed):
sudo airmon-ng start wlan0
sudo airodump-ng mon0 -w OUTPUTFILE

Analyzing Packets:
TCP Dump: www.tcpdump.org/
Install: sudo apt-get install tcpdump
Different examples (-r reads a saved capture, -n/-nn turn off name and port resolution, -tttt prints full timestamps, -q keeps the output short, -s 0 keeps whole packets, -A prints payloads as ASCII and -X as hex plus ASCII):
tcpdump -ttttnnr tcp_dump.pcap
tcpdump -qns 0 -A -r blah.pcap
tcpdump -qns 0 -A -r tcp_dump.pcap
tcpdump -qns 0 -X -r tcp_dump.pcap
tcpick is a separate tool (sudo apt-get install tcpick) that reassembles the TCP streams in a capture; -C colours the output and -yP prints each payload as printable characters:
tcpick -C -yP -r tcp_dump.pcap