Analyse packets going out of my computer

Question

Whenever I open a website in my browser, I want to see the packet that is going out of my computer. I want to do this to check how the proxy extension on my browser is encrypting the information.

Is there a way to check the packet that is going out of my NIC?

Answer 1

Some sniffer tool like tcpdump or wireshark may help you.

Wireshark is easier, with a good GUI and easy to learn and advanced filtering rules, analyse each packet on all levels of the packet, save packets into external files, load from external files, filter prototyped protocols and more advanced usage.

tcpdump is fast and useful but it will require a little bit more learning than wireshark GUI. But, is a really good solution for command line, ready to use.

A simple step-by-step for wirshark:

1. Install wireshark
2. Open it with root/admin permissions
3. Choose the target NIC
4. Click on 'Start' for start packet sniffer
5. On this new window, you will see a list of continous packets passing--through chosen NIC

6. On the top of this window, you have a filtering field. By example, you can write down on it:

   tcp.port == 443 and ip.addr = 10.0.0.106

7. Then, only packets matching this rule will be shown

On this example, we are filtering all traffic passing by TCP port 443 (SSL) and have even target (request) and source (response) host under address 10.0.0.106.

It is possible filter by mac-addresses, and a lot of parameters under each packet, protocol specific parameters, and a lot of things.