Running Wireshark in CMD

Wireshark is the ultimate tool for network sniffing. It is available for almost any operating system, from Mac OS X to Linux and Microsoft Windows. I think the main difference between the builds is the Remote Packet Capture Protocol service/driver, because it is customized for each OS's architecture and hardware.

You can find the download file here: https://www.wireshark.org/#download

They also provide many pages of know-how: https://www.wireshark.org/docs/

So you can go deep.


But today (or tonight) my plan is to show you how to sniff network traffic with Wireshark running in CMD/DOS/terminal style. Why is this useful? You can run Wireshark on systems that have no GUI.

First you need to have Wireshark installed.

I have Wireshark 2.0.5 (64-bit) and WinPcap 4.1.3 on Windows 10 x64.

Then, after the installation, check whether the service is enabled:

Run/Search > MsConfig


Remote Packet Capture Protocol v.0 (experimental) needs to be enabled.

(If it is not, a computer restart will be needed for the service to become enabled.)

After we enable the service, we need to check that it is running:

Run/Search > Services


Right-click the service Remote Packet Capture Protocol v.0 (experimental) and select Start.

Check the running services in CMD with the command:

net start


Secondly, once the service is running, we can start capturing traffic.

Open CMD, running as Administrator.

You need to get to the folder where Wireshark is installed: C:\Program Files\Wireshark

Example in CMD:

CMD commands & list of networks in Wireshark

  1. cd\ => this command moves you to the root directory of drive C:
  2. Then, once you are on C:\, type cd C:\Program Files\Wireshark to move to the directory where the installation files are.
  3. To list the interfaces available for real-time capture, type: tshark -D
  4. A list of network interfaces will appear.
  5. To select a connection (in my case Wi-Fi), type: tshark -i1
  6. To end the live capture, press Ctrl+C (for Windows users).

Select the network interface and the traffic log will start.

To end the running capture, press Ctrl+C.
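As an added example (not part of the original post), the `tshark -D` / `tshark -i<N>` steps above wrapped in a small Python script: it parses the interface listing, picks an interface by its friendly name instead of a hand-read number, and starts a capture that stops by itself after a fixed duration and is written to a file, so no Ctrl+C is needed. The sample listing embedded below is constructed; the adapter GUIDs and names are made up.

```python
import re
import shutil
import subprocess
from typing import Dict, List, Optional

# Constructed sample of what `tshark -D` prints on a Windows host (GUIDs and names made up).
SAMPLE_TSHARK_D = """\
1. \\Device\\NPF_{11111111-2222-3333-4444-555555555555} (Wi-Fi)
2. \\Device\\NPF_{66666666-7777-8888-9999-000000000000} (Ethernet)
3. \\Device\\NPF_Loopback (Adapter for loopback traffic capture)
"""

# One `tshark -D` line: "<index>. <device> (<friendly name>)" on Windows,
# or just "<index>. <device>" on Linux/macOS where no friendly name is printed.
_LINE_RE = re.compile(r"^\s*(\d+)\.\s+(\S+)(?:\s+\((.*)\))?\s*$")


def parse_interfaces(tshark_d_output: str) -> Dict[int, str]:
    """Map each interface index to its friendly name (or device path if none)."""
    interfaces: Dict[int, str] = {}
    for line in tshark_d_output.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # skip blank lines and anything that is not an interface entry
        index, device, friendly = m.groups()
        interfaces[int(index)] = friendly or device
    return interfaces


def find_index(interfaces: Dict[int, str], wanted: str) -> Optional[int]:
    """Return the index of the first interface whose name contains `wanted` (case-insensitive)."""
    for index, name in interfaces.items():
        if wanted.lower() in name.lower():
            return index
    return None


def build_capture_command(index: int, seconds: int, out_file: str) -> List[str]:
    """`tshark -i<N>` as in the post, bounded with `-a duration:` and saved with `-w`."""
    return ["tshark", "-i", str(index), "-a", f"duration:{seconds}", "-w", out_file]


def run_capture(wanted: str = "Wi-Fi", seconds: int = 30, out_file: str = "capture.pcapng") -> int:
    """List interfaces with the real tshark, pick one by name, and run the capture."""
    tshark = shutil.which("tshark")
    if tshark is None:
        raise FileNotFoundError("tshark not on PATH; add C:\\Program Files\\Wireshark to PATH")
    listing = subprocess.run([tshark, "-D"], capture_output=True, text=True, check=True).stdout
    index = find_index(parse_interfaces(listing), wanted)
    if index is None:
        raise ValueError(f"no interface matching {wanted!r} in:\n{listing}")
    return subprocess.run(build_capture_command(index, seconds, out_file)).returncode
```

Run `run_capture("Wi-Fi", 30, "capture.pcapng")` from an Administrator CMD to capture for 30 seconds; the resulting file opens in the Wireshark GUI or with `tshark -r capture.pcapng`.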

Take care of your system and network security!

Some credit and help for this post from:

http://www.howtogeek.com/106191/5-killer-tricks-to-get-the-most-out-of-wireshark/

Further reading – list of all commands:

https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html
