Wireshark Pi 

Disclaimer

Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information on this website can result in criminal charges being brought against the persons in question. Cyber Security Associates Limited will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.

Please ensure you are using the latest SD Card image which is available here.

 

Teacher Overview

Kali Linux is an operating system (OS) created specifically for ethical hacking and digital forensics. It ships with numerous tools such as nmap and Metasploit and is considered one of the most popular operating systems for cyber security specialists. Other operating systems built for penetration testing exist, such as Parrot OS and BlackArch, but Kali Linux is generally easier to obtain and get started with than these alternatives.

In the late 1990s, Gerald Combs, a computer science graduate of the University of Missouri–Kansas City, was working for a small Internet service provider. The commercial protocol analysis products at the time were priced around $1500 and did not run on the company's primary platforms (Solaris and Linux), so Gerald began writing Ethereal and released the first version around 1998. The Ethereal trademark is owned by Network Integration Services. In May 2006, Combs accepted a job with CACE Technologies. Combs still held copyright on most of Ethereal's source code (and the rest was redistributable under the GNU GPL), so he used the contents of the Ethereal Subversion repository as the basis for the Wireshark repository. However, he did not own the Ethereal trademark, so he changed the name to Wireshark. In 2010 Riverbed Technology purchased CACE and took over as the primary sponsor of Wireshark. Ethereal development has ceased, and an Ethereal security advisory recommended switching to Wireshark.

Wireshark is a network protocol analyser (also known as a network sniffer) available for free from the Wireshark website. It is used to analyse the structure of different network protocols and can show how each layer is encapsulated within the one below it. The analyser runs on Unix, Linux and Microsoft Windows, uses the GTK+ widget toolkit for its interface and pcap for packet capture. Wireshark and its terminal-based counterpart TShark are released under the GNU General Public License. Wireshark shares many characteristics with tcpdump; the difference is that it provides a graphical user interface (GUI) and rich filtering of the captured information. In addition, Wireshark lets the user see all the traffic passing over the network segment it is attached to.

In this project we are going to use Wireshark to capture, filter and analyse data. As an extension, the Raspberry Pi could be placed between a router and the other network devices so that all of the traffic passing in and out of the network can be inspected. Also, the students could use the Alpha Card in the kit to analyse other people's data traffic on a different wireless network.
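The three steps the project walks through (capture, filter, analyse) can be seen in miniature in code. The following is an added example, not part of the original project material: it parses a pcap file with Python's standard struct module, peels the Ethernet, IPv4 and TCP/UDP layers the way Wireshark's packet details pane does, and applies a Wireshark-style display filter such as `tcp.port == 80`. The capture itself is constructed in memory from TEST-NET addresses, so it runs offline and does not need a live interface.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # little-endian pcap with microsecond timestamps

def pcap_records(data):
    """Yield each captured frame from a pcap file held in memory."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    offset = 24  # the pcap global header is 24 bytes
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from("<IIII", data, offset)
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len

def decode_frame(frame):
    """Peel the layers Wireshark shows: Ethernet II -> IPv4 -> TCP/UDP ports."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    proto = frame[23]             # IPv4 protocol field: 6 = TCP, 17 = UDP
    l4 = frame[14 + ihl:]
    if proto not in (6, 17) or len(l4) < 4:
        return None
    sport, dport = struct.unpack_from("!HH", l4, 0)
    return {"ip.src": ".".join(map(str, frame[26:30])), "ip.dst": ".".join(map(str, frame[30:34])),
            "ip.proto": proto, ("tcp.port" if proto == 6 else "udp.port"): {sport, dport}}

def filter_capture(pcap, field, value):
    """Display filter `field == value`; like Wireshark's tcp.port, a port matches either direction."""
    def match(d):
        v = d.get(field)
        return v == value or (isinstance(v, set) and value in v)
    return [d for d in map(decode_frame, pcap_records(pcap)) if d and match(d)]

def build_frame(src, dst, proto, sport, dport):
    """Constructed frame for demonstration (not a real capture): Ethernet + IPv4 + 8-byte L4 stub."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHI", sport, dport, 0)

def build_pcap(frames):
    """Wrap frames in a pcap global header (linktype 1 = Ethernet) and per-record headers."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, i, len(f), len(f)) + f for i, f in enumerate(frames))

# Constructed sample capture on TEST-NET addresses: an HTTP request, a DNS query and an HTTPS reply.
SAMPLE = build_pcap([build_frame("192.0.2.10", "198.51.100.34", 6, 51234, 80),
                     build_frame("192.0.2.10", "192.0.2.1", 17, 40000, 53),
                     build_frame("203.0.113.5", "192.0.2.10", 6, 443, 51235)])
```

Swapping `SAMPLE` for the bytes of a file saved from Wireshark on the Pi (File > Save As, pcap format) lets students compare the parser's output with the packet details pane for the same frames.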

Suggested Year Group

The suggested age group is 16+, due to the nature of this project and the skills it is developing.

 

Learning Outcomes

  • Understand the basic principles of Wireshark;

  • Learn about the benefits of using Wireshark;

  • Run Wireshark on Kali Linux on the Raspberry Pi and use it to capture, filter and analyse data.

 

Hardware Required

Component             Component Number (Peli Case)   Component Number (Box Case)
Raspberry Pi + Case   (Base) 4 + 5                   Slot 1
Kali SD Card          (Base) 5                       Slot 11
TFT Screen            (Base) 9                       Slot 2
HDMI                  (Level 1) 3                    Slot 11
Wireless Keyboard     (Level 1) 3                    Slot 11
Wireless Mouse        (Level 1) 5                    Slot 12
Power Supply Unit     (Level 1) 1                    Slot 13


Conclusion

This project is designed to introduce the students to Wireshark and the uses this technology has in IT. The students have run Wireshark on the Raspberry Pi to capture incoming traffic, filtered the captured data and then inspected the packets that remained. Wireshark is an extremely powerful tool, and this tutorial only scratches the surface of what you can do with it. Professionals use it to debug network protocol implementations, examine security problems and inspect network protocol internals. Keep in mind that the Raspberry Pi is limited in processing power and will not be able to capture large volumes of traffic without dropping packets.