Posted on: March 30, 2025
Let’s talk about Wireshark and Kali Linux—two tools that sound like they belong in an ‘80s hacker movie but are actually staples in the cybersecurity toolbox. I’ve got Kali running in a virtual machine on my Windows system—because I like my tools powerful, but my main OS untouched. Plus, if I break something (which happens more often than I care to admit), I can just roll back a snapshot and pretend I knew what I was doing the whole time. 😎
Kali in VirtualBox, bridged adapter, a little RAM, a couple cores, and enough disk space to break stuff safely—that’s the setup. I won’t bore you with the full walkthrough. If you’re reading this, you’ve probably already got it working (or rage-quit halfway through an ISO install like the rest of us).
I fired up Wireshark, picked the right network interface (eventually), and hit “Start Capturing.” BOOM. My screen lit up with packets like I just walked into the Matrix and forgot my sunglasses. At first, it felt like reading network traffic in ancient hieroglyphics, but with a little filtering and a lot of trial and error, things started to click. I tried filters like http to show me all the insecure things, dns to watch the internet try to find itself, and tcp.port == 80 because I needed to feel like a real analyst. I even typed password in the filter once just to see what popped up—immediate paranoia ensued. 🤦
Some of the cooler stuff I tried—without accidentally nuking my network—included live DNS lookups where I’d type a URL in the browser and watch my machine yell “WHO HAS GOOGLE?!” I tested unencrypted logins using a plain HTTP site and watched my credentials fly across the screen in readable text. That triggered instant trust issues. I also ran tcpdump in Kali and piped the output to Wireshark, just to feel like a CLI wizard even when I didn’t need to. And then there was ARP traffic, which is basically like watching devices ask each other “Are you my IP?” over and over again like some weird digital version of The Notebook.
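As an added example (not code from the post), here is a small Python dissector that does by hand what the display filters above do: it walks a constructed Ethernet/IPv4/TCP frame, applies the tcp.port == 80 and http checks, and pulls credential fields out of a cleartext POST body, which is exactly the plain-HTTP login scenario described. The addresses, ports and the example.test host are constructed sample data, and checksums are left at zero since nothing verifies them here.

```python
"""Tiny dissector showing what the post's display filters actually test:
tcp.port == 80, http, and the 'password' string search, on an Ethernet/IPv4/TCP frame."""
import struct
from collections import namedtuple
from urllib.parse import parse_qsl

Packet = namedtuple("Packet", "src dst sport dport payload")

def build_frame(src, dst, sport, dport, payload):
    """Construct a sample Ethernet II frame for testing (checksums left at zero; not a real capture)."""
    ip_src, ip_dst = (bytes(int(o) for o in a.split(".")) for a in (src, dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, ip_src, ip_dst)
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + tcp

def parse_frame(frame):
    """Walk Ethernet -> IPv4 -> TCP headers (the layers Wireshark shows in its detail pane)."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ip[9] != 6:
        raise ValueError("not TCP")
    src, dst = (".".join(str(b) for b in ip[o:o + 4]) for o in (12, 16))
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4     # TCP header length in bytes
    return Packet(src, dst, sport, dport, tcp[data_off:])

def matches_port(p, port):
    """tcp.port == N matches either the source or the destination port."""
    return port in (p.sport, p.dport)

def is_http(p):
    """Roughly what the 'http' filter does: recognise a request line or a status line."""
    return p.payload.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1."))

def plaintext_credentials(p):
    """Defender's check: credential-looking form fields sent in a cleartext HTTP body."""
    if not is_http(p) or b"\r\n\r\n" not in p.payload:
        return {}
    body = p.payload.split(b"\r\n\r\n", 1)[1].decode("latin-1")
    return {k: v for k, v in parse_qsl(body) if k.lower() in ("password", "passwd", "pass", "pwd")}

# Constructed sample: a form login over plain HTTP, the scenario described in the post.
SAMPLE = build_frame("192.168.56.101", "203.0.113.10", 51234, 80,
                     b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                     b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\n"
                     b"user=alice&password=hunter2")
```

The same credential check run over a capture of an HTTPS login finds nothing, because the body is inside the TLS record and never reaches the parser in the clear.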
Here’s what I’ve learned so far: filtering is everything—without it, you’re just staring at a soup of confusion. Kali is powerful, but not magical. The tools are there, but you still have to know how to use them (or be really good at Googling). Most modern sites are encrypted, which is great for the world and terrible for curiosity. And Wireshark? It’s a rabbit hole. You open it thinking “I’ll just take a peek” and resurface four hours later wondering why your printer is contacting servers in Germany.
Learning Wireshark inside Kali has been both eye-opening and slightly terrifying. Once you realize just how much your devices are talking—all the time—you never look at a network the same way again. Would I recommend it to someone getting into cybersecurity? Absolutely. Would I suggest doing it on someone else’s network? Only if you want to meet HR and legal at the same time.
More to come soon—maybe some Nmap fun, maybe some OSINT exploration. Or maybe just a story about how I accidentally firewalled myself out of my own test machine (again). 🤷‍♂️