2.4 Wireshark
Wireshark, like tcpdump, is a program that captures network traffic. We did not use Wireshark on our Kali box to collect traffic; however, we did use Wireshark’s GUI locally to read the packet information that was captured. With the additional tools Wireshark provides over tcpdump for viewing traffic, we could do things like rebuild a TCP session to see all the information sent across it in a single text file, with the contents of each transmission on its own line. This made searching for things like usernames and passwords much simpler than viewing each packet individually, as we would have had to do with tcpdump.
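
The session rebuild described above, as an added example (not part of the original report and not Wireshark's own code): segments are ordered by sequence number, retransmissions are dropped, and each transmission ends up on its own line, which is why credentials sent over a cleartext protocol are so easy to spot. The FTP exchange, endpoint names and sequence numbers are constructed for illustration.

```python
from collections import namedtuple

# One captured TCP segment: sender, sequence number of its first byte, payload.
Segment = namedtuple("Segment", "src seq payload")

def follow_stream(segments, first_seq):
    """Rebuild a conversation from segments given in capture order.

    first_seq maps each endpoint to the sequence number of its first data byte.
    Assumption: sequence numbers do not wrap within the sample.
    """
    next_seq = dict(first_seq)
    pending = {src: {} for src in first_seq}  # out-of-order data, keyed by seq
    turns = []                                # [sender, bytearray] per transmission
    for seg in segments:
        queue = pending[seg.src]
        queue[seg.seq] = seg.payload
        # Deliver everything that is now contiguous for this direction.
        while queue and min(queue) <= next_seq[seg.src]:
            seq = min(queue)
            data = queue.pop(seq)
            skip = next_seq[seg.src] - seq    # bytes already delivered
            if skip >= len(data):
                continue                      # pure retransmission, nothing new
            if not turns or turns[-1][0] != seg.src:
                turns.append([seg.src, bytearray()])  # direction changed: new line
            turns[-1][1] += data[skip:]
            next_seq[seg.src] = seq + len(data)
    return [(src, bytes(buf).decode("latin-1").strip()) for src, buf in turns]

def credential_lines(turns):
    """Return transmissions that carry FTP credentials in cleartext."""
    return [text for _, text in turns if text.upper().startswith(("USER ", "PASS "))]

# Constructed sample capture (hypothetical endpoints and placeholder password).
C, S = "client", "server"
SAMPLE = [
    Segment(S, 1000, b"220 FTP ready\r\n"),
    Segment(C, 500, b"USER al"),              # one command split over two segments
    Segment(C, 507, b"ice\r\n"),
    Segment(S, 1015, b"331 Password required\r\n"),
    Segment(C, 517, b"EXAMPLE-ONLY\r\n"),     # arrives before the bytes preceding it
    Segment(C, 512, b"PASS "),
    Segment(C, 512, b"PASS "),                # retransmission
    Segment(S, 1038, b"230 Logged in\r\n"),
]

if __name__ == "__main__":
    for src, text in follow_stream(SAMPLE, {C: 500, S: 1000}):
        print(f"{src}: {text}")
```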