Wireshark

Add the user to the wireshark group (the new group membership takes effect at the next login).

sudo su
usermod -a -G wireshark <username>

List interfaces.

wireshark -D

Start a capture with the wireless card in monitor mode.

wireshark -i <interface> -k
wireshark -i wlan0 -k

Start a capture with a virtual interface in monitor mode.

wireshark -i <virtual-interface> -k
wireshark -i wlan0mon -k

Start a capture with a capture filter (-f).

wireshark -i <interface-mon> -k -f "<filter>"
wireshark -i wlan0mon -k -f "((wlan addr1 <BSSID>) or (wlan addr2 <BSSID>) or (wlan addr3 <BSSID>) or (wlan addr4 <BSSID>)) and not (subtype beacon) and not (type ctl) and not (subtype probe-req) and not (subtype probe-resp)"
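
The filter above can be generated per BSSID instead of being edited by hand. This is an added example, not part of the original page; the function names build_bssid_filter and capture_bssid are hypothetical, and the BSSID is checked against a strict pattern before it is placed in the filter string.

```shell
#!/bin/sh
# Added example (not from the original page): build the 802.11 capture
# filter shown above for a single BSSID. Function names are hypothetical.

# Print the capture filter for BSSID $1, or return 1 if $1 is not a MAC address.
build_bssid_filter() (
    bssid="$1"
    h='[0123456789ABCDEFabcdef]'
    # Accept exactly six colon-separated hex octets, so no other text
    # (extra filter primitives, quotes, newlines) can reach the filter.
    case "$bssid" in
        $h$h:$h$h:$h$h:$h$h:$h$h:$h$h) ;;
        *) echo "invalid BSSID: $bssid" >&2; return 1 ;;
    esac
    # Match the BSSID in any of the four 802.11 address fields.
    clause=""
    for n in 1 2 3 4; do
        clause="${clause:+$clause or }(wlan addr$n $bssid)"
    done
    # Exclude beacons, control frames and probe traffic, as in the filter above.
    printf '(%s) and not (subtype beacon) and not (type ctl) and not (subtype probe-req) and not (subtype probe-resp)\n' "$clause"
)

# Start Wireshark on monitor-mode interface $1 with the filter for BSSID $2.
capture_bssid() {
    bssid_filter=$(build_bssid_filter "$2") || return 1
    wireshark -i "$1" -k -f "$bssid_filter"
}

# Usage (constructed values): capture_bssid wlan0mon 00:11:22:33:44:55
```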

Capture from another tool's standard output (stdout), read by Wireshark on stdin (-i -).

# tcpdump 
tcpdump -U -w - -i <interface-mon> | wireshark -k -i -
tcpdump -U -w - -i wlan0mon | wireshark -k -i -

# dumpcap
dumpcap -w - -P -i <interface-mon> | wireshark -k -i -
dumpcap -w - -P -i wlan0mon | wireshark -k -i -

# tshark
tshark -w - -i <interface-mon> | wireshark -k -i -
tshark -w - -i wlan0mon | wireshark -k -i -

Remote capture.

# SSH + tcpdump 
ssh <user>@<IP-address> "sudo -S tcpdump -U -w - -i <interface-mon>" | sudo wireshark -k -i -
