WIRESHARK
Wireshark is one of the best tools to examine what’s occurring on a network.
Once you open Wireshark, select eth0 or whichever interface you want to listen on,
then press the blue icon and you will begin seeing all kinds of connections.
When you have seen enough, or want to save the capture to examine later, you can stop the recording by pressing the red button.
You can filter the connections by typing a protocol name in the filter bar.
The coloring rules can also be modified, and each rule shows the filter it is based on.
You can also see what information is being passed on in a TCP connection.
With Protocol Hierarchy, you can see the percentage of traffic that each protocol accounts for on your network since you started recording.
You can also see which IPs are connected through a given protocol with the Endpoints statistics.
It is also possible to follow the handshake through the flags shown on each packet.
To use more than one filter at a time, put || between the filters; a packet is shown if it matches either one.
If you want to observe connections that originated from a specific IP, you can use ip.src==<ip>.
You can also filter on specific ports, such as port 80, for both TCP and UDP.
To see all connections that involved an IP, whether as source or destination, use ip.addr==<IP> (eth.addr matches MAC addresses, not IP addresses).
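To make clear what these filters actually test, here is an added example (not part of the original post) that decodes Ethernet/IPv4/TCP/UDP headers and applies Python equivalents of the source-address, any-address and port filters, an OR combination, and the handshake flags. The addresses, ports and frames are constructed sample data, and the helper names are hypothetical.

```python
import socket
import struct

def build_frame(src, dst, proto, sport, dport, flags=0):
    """Constructed sample frame: Ethernet + IPv4 + TCP (proto 6) or UDP (17)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)          # zeroed MACs, IPv4
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4

def parse(frame):
    """Decode only the header fields that the filters test; None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length
    l4 = frame[14 + ihl:]
    proto = frame[23]
    if proto not in (6, 17) or len(l4) < (14 if proto == 6 else 8):
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    return {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
            "proto": proto, "ports": (sport, dport), "flags": l4[13] if proto == 6 else 0}

# Python equivalents of the display-filter fields
def ip_src(p, ip):  return p["src"] == ip                 # ip.src == ip
def ip_addr(p, ip): return ip in (p["src"], p["dst"])     # ip.addr == ip
def port(p, proto, n): return p["proto"] == proto and n in p["ports"]  # tcp.port / udp.port

def flag_names(flags):
    """TCP flag bits as names, the way the handshake shows up in the packet list."""
    return [n for bit, n in ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST")) if flags & bit]

# Constructed capture: a TCP handshake to port 80, then one DNS query over UDP.
C, S, D = "192.0.2.10", "198.51.100.5", "203.0.113.53"
CAPTURE = [parse(f) for f in (
    build_frame(C, S, 6, 40000, 80, 0x02),
    build_frame(S, C, 6, 80, 40000, 0x12),
    build_frame(C, S, 6, 40000, 80, 0x10),
    build_frame(C, D, 17, 53000, 53),
)]

def select(pred):
    """Indexes of the packets a filter keeps."""
    return [i for i, p in enumerate(CAPTURE) if pred(p)]

if __name__ == "__main__":
    print("ip.src==C:", select(lambda p: ip_src(p, C)))
    print("tcp.port==80 || udp.port==53:", select(lambda p: port(p, 6, 80) or port(p, 17, 53)))
    print("handshake:", [flag_names(p["flags"]) for p in CAPTURE[:3]])
```

The source-address filter drops the server's reply (packet 1), while the any-address filter keeps both directions of the conversation.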
In this concluding section, I’m illustrating that you can observe usernames and passwords as long as the connections aren’t secure.
Do bear in mind that all information displayed in this post is solely for educational purposes and shouldn’t be used for illicit activities!