While tcpdump is a cool tool to capture network traffic, Wireshark is widely used when it comes to network forensic investigations. In this section, we will focus on installing and using Wireshark to capture network traffic.
Wireshark is available for most of the OS, including Windows, Mac OS, and most flavors of Linux.
It is available for free download at https://www.wireshark.org/download.html.
Install Wireshark using the Ubuntu Software Center, as shown in the following screenshot:
Run Wireshark with network privileges either directly or using the terminal to start capturing packets, as shown ...