A complete Wireshark cheat sheet! How to use Wireshark to live-sniff network traffic
If you are a hacker or security researcher, you have probably used Wireshark. Wireshark is a top Wi-Fi pentesting tool and a top network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is a multi-platform tool that can be used for live packet capture, deep inspection of hundreds of protocols, and browsing and filtering packets.
Wireshark’s top features:
- Deep inspection of hundreds of network protocols.
- Live capture and offline analysis with powerful display filters.
- Captured network data can be browsed via a GUI or via the TTY-mode TShark utility.
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, WildPackets EtherPeek/TokenPeek/AiroPeek … it’s a long list. You can also export to XML, PostScript®, CSV, or plain text.
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform).
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.
Thanks to Comparitech, we now have a complete Wireshark commands cheat sheet, shown below:
You can download the Wireshark cheat sheet from here. The cheat sheet covers the following commands:
- Wireshark Capturing Modes
- Filter Types
- Capture Filter Syntax
- Display Filter Syntax
- Protocols – Values
- Filtering packets (Display Filters)
- Logical Operators
- Default columns in a packet capture output
- Miscellaneous Items
- Keyboard Shortcuts
- Common Filtering Commands
- Main Toolbar Items
That’s it. You can use this Wireshark cheat sheet to live-sniff network traffic. Don’t forget to thank Tim Keary from Comparitech for preparing this awesome cheat sheet.