Wireshark is the standard tool for network sniffing and is available for macOS, Linux and Windows. The GUI and the protocol dissectors are the same on every platform; the platform-specific part is the packet capture driver underneath (WinPcap on Windows, libpcap on Linux and macOS).
You can download it here: https://www.wireshark.org/#download
They also provide extensive documentation, so you can go deep: https://www.wireshark.org/docs/
In this post I want to show how to sniff network traffic with Wireshark's command-line tool, tshark, from CMD/DOS/terminal. Why is this useful? It lets you capture on systems without a GUI: servers, headless boxes, or machines you only reach over a remote shell.
First you need to have Wireshark installed.
I'm using Wireshark 2.0.5 (64-bit) with WinPcap 4.1.3 on Windows 10 x64.
After the installation, make sure the packet capture driver is loaded. The WinPcap installer registers two things:
- the NPF kernel driver (service name npf), which every local capture, GUI or tshark, goes through;
- a service called "Remote Packet Capture Protocol v.0 (experimental)" (rpcapd), which you can see in Run/Search > MsConfig or Run/Search > Services. That service is only needed when another machine should capture from this one over the network. Local capture with tshark does not use it, so it can stay disabled; leaving it enabled exposes a capture service on the network for no benefit.
What must be running is the NPF driver. Check it from a command prompt opened as Administrator with sc query npf; if its state is not RUNNING, start it with net start npf. No restart is needed for that, unlike a change made in MsConfig.
(Newer Wireshark builds ship Npcap instead of WinPcap; there the driver service is called npcap.)
Once the driver is running we can start capturing traffic.
Open CMD > Run as Administrator.
tshark.exe lives in the Wireshark installation folder, by default C:\Program Files\Wireshark, so either change into that folder or add it to PATH.
Example in CMD:
- cd /d "C:\Program Files\Wireshark" => moves you to the folder where tshark.exe is installed
- tshark -D => lists the capture interfaces, each with a number in front of it (this does not capture anything yet)
- tshark -i 1 => starts a live capture on interface 1 (in my case Wi-Fi) and prints a one-line summary per packet; use the number that tshark -D showed for your adapter
- Ctrl+C => stops the live capture
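The steps above put together as one batch script, as an added example that is not from the original post: it checks the NPF driver, lists the interfaces, captures 60 seconds of HTTPS traffic from interface 1 into a file instead of onto the screen, and then reads the file back with a display filter. It assumes WinPcap (driver service npf), the default installation folder, and that interface 1 is the adapter you want (check tshark -D first); the Wireshark 2.x field names ssl.* are used, which newer versions call tls.*.

```batch
@echo off
REM Added example, not code from the original post.
REM Assumptions: WinPcap driver service "npf", Wireshark in the default folder,
REM interface 1 is the adapter to capture on (verify with "tshark -D").
REM Run from a CMD opened as Administrator.

setlocal
set "WS=C:\Program Files\Wireshark"
set "OUT=%TEMP%\capture.pcapng"

REM 1. Local capture needs the NPF kernel driver, not the
REM    "Remote Packet Capture Protocol" service. Start it if it is not running.
sc query npf | findstr /C:"RUNNING" >nul
if errorlevel 1 (
    echo NPF driver is not running, starting it...
    net start npf || (echo Could not start the NPF driver & exit /b 1)
)

REM 2. List capture interfaces with their numbers (no capture happens here).
"%WS%\tshark.exe" -D

REM 3. Live capture on interface 1: BPF capture filter for TCP/443 only,
REM    stop automatically after 60 seconds, write packets to a pcapng file.
"%WS%\tshark.exe" -i 1 -f "tcp port 443" -a duration:60 -w "%OUT%"
if errorlevel 1 (echo Capture failed & exit /b 1)

REM 4. Read the file back: display filter for TLS ClientHello (handshake type 1)
REM    and print source, destination and the SNI host name per packet.
REM    In Wireshark 3.x and later the fields are tls.handshake.type and
REM    tls.handshake.extensions_server_name.
"%WS%\tshark.exe" -r "%OUT%" -Y "ssl.handshake.type == 1" -T fields ^
    -e ip.src -e ip.dst -e ssl.handshake.extensions_server_name

echo Capture saved to %OUT%
endlocal
```

Capturing to a file and filtering afterwards (-r with -Y) is usually more useful than watching the summary scroll by: the capture filter (-f) limits what is written to disk, and the display filter (-Y) can use every dissected field when you read it back.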
One caveat: a capture file contains everything that crossed the wire, including credentials, so store it with care and delete it when you are done. And since tshark's dissectors parse untrusted data, it is a good habit to capture as Administrator but read the files back as a normal user.
Take care of your system and network security!
Credit and help for this post from:
Further reading, a list of all commands: