Capturing traffic with Wireshark
Wireshark is a popular open source packet analyzer and a powerful tool for many IT professionals. It provides deep visibility into network traffic, which makes it useful for very different jobs: a SOC (Security Operations Centre) analyst may use it during incident response to investigate a reported intrusion, a network engineer can use it to troubleshoot connectivity problems, and an application administrator might use it to see exactly what parameters are exchanged between nodes. Because of this flexibility and visibility, it is an ideal tool for digging through the traffic captured during our wireless security assessment. In addition to after-the-fact analysis of saved capture files, Wireshark can capture on a live interface, including the monitor-mode interface of our wireless adapter. This matters because an adapter in ordinary managed mode only hands the operating system the data frames of the network it is associated with; in monitor mode it passes up raw 802.11 frames from every network on the channel, including the management frames (beacons, probes, authentication and association exchanges) that a wireless assessment depends on, each prefixed with a radiotap header carrying radio details such as channel and signal strength.
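To make concrete what a monitor-mode capture actually contains, here is a small dissector that walks the same two layers Wireshark shows first for such a frame: the radiotap header and the 802.11 header, down to the SSID and channel of a beacon. This is an added example, not code from the book or from the Wireshark project; the frame it parses is constructed in the script (the BSSID 00:11:22:33:44:55 and SSID "ExampleNet" are made-up values), so it runs offline without an adapter.

```python
"""Dissect one monitor-mode frame: radiotap header followed by an 802.11 frame.
Added illustration; the sample frame below is constructed, not a real capture."""
import struct

# Radiotap fields we decode, in the order the format requires them to appear:
# (present bit, name, struct format, alignment relative to the header start)
RT_FIELDS = [
    (0, "tsft", "<Q", 8),
    (1, "flags", "<B", 1),
    (2, "rate", "<B", 1),           # units of 500 kbit/s
    (3, "channel", "<HH", 2),       # (frequency in MHz, channel flags)
    (4, "fhss", "<BB", 1),
    (5, "dbm_antsignal", "<b", 1),
    (6, "dbm_antnoise", "<b", 1),
]


def parse_radiotap(buf):
    """Return (recognised radiotap fields, offset of the 802.11 frame)."""
    version, _pad, length, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0:
        raise ValueError("unsupported radiotap version %d" % version)
    if length > len(buf):
        raise ValueError("radiotap header longer than the frame")
    off, word = 8, present
    while word & (1 << 31):         # bit 31: another 'present' word follows
        (word,) = struct.unpack_from("<I", buf, off)
        off += 4
    fields = {}
    for bit, name, fmt, align in RT_FIELDS:
        if present & (1 << bit):
            off = (off + align - 1) // align * align   # pad to the field's alignment
            vals = struct.unpack_from(fmt, buf, off)
            fields[name] = vals if len(vals) > 1 else vals[0]
            off += struct.calcsize(fmt)
    if "rate" in fields:
        fields["rate_mbps"] = fields["rate"] * 0.5
    return fields, length


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_ies(body):
    """Walk the tagged information elements of a management frame body."""
    ies, off = {}, 0
    while off + 2 <= len(body):
        tag, ln = body[off], body[off + 1]
        data = body[off + 2:off + 2 + ln]
        if len(data) < ln:          # truncated element: stop rather than misparse
            break
        if tag == 0:
            ies["ssid"] = data.decode("utf-8", "replace") if data else "<hidden>"
        elif tag == 1:
            ies["rates_mbps"] = [(r & 0x7F) * 0.5 for r in data]
        elif tag == 3 and ln == 1:
            ies["channel"] = data[0]  # DS Parameter Set
        off += 2 + ln
    return ies


def parse_80211(frame):
    if len(frame) < 24:
        raise ValueError("802.11 header truncated")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    seq_ctrl = struct.unpack_from("<H", frame, 22)[0]
    info = {
        "type": ftype, "subtype": subtype,
        "type_subtype": (ftype << 4) | subtype,   # Wireshark's wlan.fc.type_subtype
        "to_ds": bool(flags & 0x01), "from_ds": bool(flags & 0x02),
        "protected": bool(flags & 0x40),
        "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]), "addr3": mac(frame[16:22]),
        "seq": seq_ctrl >> 4, "frag": seq_ctrl & 0xF,
    }
    if ftype == 0 and subtype == 8:   # beacon: fixed parameters, then IEs
        body = frame[24:]
        if len(body) < 12:
            raise ValueError("beacon body truncated")
        _ts, interval, cap = struct.unpack_from("<QHH", body, 0)
        info.update(beacon_interval_tu=interval, privacy=bool(cap & 0x0010))
        info.update(parse_ies(body[12:]))
    return info


def dissect(buf):
    rt, off = parse_radiotap(buf)
    return {"radiotap": rt, "wlan": parse_80211(buf[off:])}


def build_sample_beacon():
    """Constructed test frame: radiotap (Flags, Rate, Channel) + beacon for 'ExampleNet'."""
    present = (1 << 1) | (1 << 2) | (1 << 3)
    radiotap = struct.pack("<BBHI", 0, 0, 14, present)
    radiotap += struct.pack("<BBHH", 0x00, 0x02, 2437, 0x00A0)   # 1 Mbit/s, 2437 MHz, 2 GHz CCK
    hdr = struct.pack("<HH", 0x0080, 0)                           # FC: type 0, subtype 8 (beacon)
    hdr += bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455") * 2  # DA, SA, BSSID
    hdr += struct.pack("<H", 42 << 4)                             # sequence 42, fragment 0
    body = struct.pack("<QHH", 0x12345678, 100, 0x0411)           # timestamp, interval, ESS+privacy
    body += bytes([0, 10]) + b"ExampleNet"                        # IE 0: SSID
    body += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])                 # IE 1: rates 1/2/5.5/11
    body += bytes([3, 1, 6])                                      # IE 3: channel 6
    return radiotap + hdr + body


if __name__ == "__main__":
    d = dissect(build_sample_beacon())
    rt, w = d["radiotap"], d["wlan"]
    print("Beacon  SSID=%s  BSSID=%s  ch=%d  %d MHz  %.1f Mbit/s"
          % (w["ssid"], w["addr3"], w["channel"], rt["channel"][0], rt["rate_mbps"]))
```

The same functions work on frames read from a file saved by Wireshark or tshark with the monitor-mode link type, once the pcap record header has been stripped; the alignment rule in parse_radiotap and the truncation checks in parse_ies are exactly the details a hand-rolled parser tends to get wrong, and are why a dissector like Wireshark's is worth trusting for anything beyond a quick look.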
Running Wireshark on Windows is not covered in any depth in this book since Kali is our platform of choice, but be...