Capturing traffic

Learning how to use packet-capturing tools is vital for any security professional. We will cover two packet-capturing tools in this section: Wireshark (GUI-based) and tcpdump (CLI-based).

Before we begin using these tools, let's take a step back to understand why you need to capture traffic when performing a penetration test. Network traffic travels in packets, and each packet holds a number of fields that contain the information it needs to travel across the network and perform a certain function. Performing a packet capture (or packet sniffing) allows you to view the structure of the packets, plus any data that is available. Some protocols, such as FTP, are unencrypted, so a capture will show the username and password in clear text.

Packet sniffing is a type of wiretap that is applied to computer networks. You can liken this to phone tapping, where a conversation is spied on.
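
To make the point about packet fields and unencrypted FTP concrete, the following added example (not from the book) parses the Ethernet, IPv4, and TCP headers of a captured frame and reports FTP login commands that crossed the network in clear text, redacting the password value. The frames are constructed sample input using documentation addresses, and the function names are hypothetical.

```python
import struct

def build_frame(src_port, dst_port, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero) used as sample input."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Return addresses, ports and TCP payload, or None if the frame is not IPv4/TCP."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                              # EtherType is not IPv4
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
        return None                              # not IP version 4 or protocol is not TCP
    ihl = (ip[0] & 0x0F) * 4                     # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]  # drops any Ethernet padding
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                # TCP header length in bytes
    return {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "src_port": src_port, "dst_port": dst_port,
        "payload": tcp[data_off:],
    }

def cleartext_ftp_finding(frame):
    """Flag FTP login commands sent unencrypted; the password value is redacted."""
    pkt = parse_frame(frame)
    if pkt is None or pkt["dst_port"] != 21:
        return None
    verb, _, arg = pkt["payload"].decode("ascii", "replace").strip().partition(" ")
    if verb.upper() not in ("USER", "PASS"):
        return None
    shown = arg if verb.upper() == "USER" else "<redacted, %d chars>" % len(arg)
    return "%s -> %s:21 cleartext FTP %s %s" % (pkt["src"], pkt["dst"], verb.upper(), shown)

SAMPLES = [build_frame(50000, 21, b"USER alice\r\n"),        # constructed login
           build_frame(50000, 21, b"PASS example-pw\r\n"),   # constructed password
           build_frame(50001, 443, b"\x16\x03\x01")]         # constructed non-FTP traffic
if __name__ == "__main__":
    for f in SAMPLES:
        print(cleartext_ftp_finding(f))
```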