How to Sniff Passwords using Wireshark

Wireshark is most famous network protocol analyzer in world. It lets one scan what’s happening on your network and gives you all details one needs to monitor his network. It is widely used all around world in many industries and educational institutes. Here we will learn how to Sniff Passwords using Wireshark.

This tutorial can be used for good purpose and also bad purpose by some readers. It depends on how responsible you are. We hope that that you use this knowledge for right purpose as you would not like someone else sniff your passwords. So don’t do it with others too.


Disclaimer – This tutorial is only for knowledge purpose and for penetration tester and security enthusiasts. We advise that you test this tutorial on system which belongs to you and which won’t affect any one’s privacy. Geek Gyan is not responsible if any psychopath uses this tutorial to harm others.


  1. Wireshark Network Analyzer
  2. Network Card which supports Promiscuous mode.

Steps to Sniff Passwords using Wireshark

Step 1: Starting Wireshark and capturing packets

In Kali Linix start wireshark by going to

Application > Kali Linux >Top 10 Security Tools > Wireshark

In Wireshark click on Capture and then Interface and select the network which applies to you.

Now you can just press the Start button and Wireshark will start capturing all the packets on netwok . You can do this step anytime by going to Capture > Interface > Start

Step 2:  Filtering the required data

Once you press the Start button Wireshark will start capturing all the network traffic. Meanwhile open your browser and login to a website using username and password. Once your logged in stop the capturing process in Wireshark.

When we login using username and password the the there are two ways the data can be sent. One is GET and another is POST. GET can't be used in case of sending sensitive data as it concats data to URL which makes data visible. So in our case data is sent via POST.

To filter all traffic for POST data type in following command in filter section

http.request.method == “POST”

Step 3: Filter POST data for Username and Password

Right click on the filtered POST data and select Follow TCP Stream

This will pop up a new window which looks something like this:

Ah there its is! The username and password you typed in were

Username: sampleuser
Password: e4b7c855be6e3d4307b8d6ba4cd4ab91

Hold on a moment. e4b7c855be6e3d4307b8d6ba4cd4ab91 can’t be any real password. Right?. Yes you guessed it right it’s in hashed form.

To get the original password just open a new terminal and type

Hashcat –m -0 –a 0 /root/wireshark-hash.lf  /root/rockyou.txt

And here you get your real password. We hope you use this tutorial for only testing purpose and wont harm anyone.