O'Reilly logo

Learning Network Forensics by Samir Datt

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Collecting network traffic using Wireshark

While tcpdump is a cool tool to capture network traffic, Wireshark is widely used when it comes to network forensic investigations. In this section, we will focus on installing and using Wireshark to capture network traffic.

Wireshark is available for most of the OS, including Windows, Mac OS, and most flavors of Linux.

It is available for free download at https://www.wireshark.org/download.html.

Using Wireshark

Install Wireshark using the Ubuntu Software Center, as shown in the following screenshot:

Using Wireshark

Run Wireshark with network privileges either directly or using the terminal to start capturing packets, as shown ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required