Wireshark is a free, open-source packet-capture and analysis tool used by system administrators (SAs) around the world. It may seem a little confusing at first, but the general steps are:
1. Select "Interface List" and check off the NICs you will use to capture packets.
2. Go to "Capture Options" and make sure "Use promiscuous mode" is checked (it is checked by default). Promiscuous mode makes the NIC hand every frame it receives to Wireshark, not only the frames addressed to that NIC.
3. Click "Start" (the green fin icon) to start capturing packets.
4. Click "Stop" to stop capturing. With no filters applied, you see every packet the program captured, in real time.

Now you can analyze the packets, or filter for specific packets and inspect their contents. Once you have the traffic you need, you simply apply display filters such as those found here.
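To show what the filtering step actually does to a saved capture, here is an added example that is not part of the original page: it builds a small, constructed pcap in memory (two Ethernet/IPv4/TCP frames, not a real capture), reads it back with a minimal pcap parser, dissects the headers, and applies the equivalent of the Wireshark display filter `tcp.port == 80`. It assumes the classic little-endian libpcap format with Ethernet link type, which is what Wireshark writes by default for pcap files.

```python
import struct

def _frame(src_port, dst_port):
    """Build one constructed Ethernet/IPv4/TCP SYN frame (sample data, not captured)."""
    eth = b"\x00" * 12 + b"\x08\x00"                         # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + tcp

def _pcap(frames):
    """Wrap frames in a libpcap global header (magic 0xA1B2C3D4, link type 1 = Ethernet)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<IIII", 0, i, len(f), len(f)) + f for i, f in enumerate(frames))
    return hdr + recs

SAMPLE_PCAP = _pcap([_frame(40000, 80), _frame(40001, 443)])  # constructed sample capture

def read_pcap(data):
    """Yield (timestamp_sec, frame_bytes) for each record in a little-endian pcap."""
    magic, = struct.unpack("<I", data[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian libpcap file")
    off = 24                                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len

def dissect(frame):
    """Decode Ethernet -> IPv4 -> TCP into Wireshark-style field names; None if not IPv4/TCP."""
    if frame[12:14] != b"\x08\x00":                            # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                               # IPv4 header length in bytes
    if frame[23] != 6:                                         # IP protocol 6 = TCP
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return {"ip.src": ".".join(map(str, frame[26:30])), "ip.dst": ".".join(map(str, frame[30:34])),
            "tcp.srcport": sport, "tcp.dstport": dport}

def apply_filter(data, predicate):
    """The display-filter step: keep only dissected packets for which predicate() is true."""
    kept = []
    for _ts, frame in read_pcap(data):
        fields = dissect(frame)
        if fields is not None and predicate(fields):
            kept.append(fields)
    return kept

# Equivalent of the Wireshark display filter "tcp.port == 80"
web_packets = apply_filter(SAMPLE_PCAP, lambda p: 80 in (p["tcp.srcport"], p["tcp.dstport"]))
```

Swapping the predicate is all it takes to express other simple filters, e.g. `lambda p: p["ip.dst"] == "10.0.0.2"` for `ip.dst == 10.0.0.2`.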