Is it possible with Wireshark to recognize true or fake source of destination website?

asked 2023-07-13 05:03:45 +0000

Valdi

updated 2023-07-13 05:06:10 +0000

I am an unholy newbie for Wireshark and other network monitoring programs.

My story is based on a new experience in which I ended up. Lately I have been DDoSed, smurfed, also had an undercover proxy server, was also deeded with faked websites of my interest, and God knows what else I had faced with my PC.

After a nearly 2-month struggle with reinstalls, resets and reconfiguration of my home network devices, I finally came out to world wide web access with no consequences.

But that experience left a mark with trust. And that's why I am here.

Is it possible with Wireshark to perform internet traffic scanning or monitoring to understand whether my destination website source is authentic or fake?

Also, how to understand from scanned results whether I am again falling victim to DNS spoofing, or the funnier result that I became a man in the middle dol?

I would appreciate for some short explanation and pointing me the direction for educational guidance source.

I am confused that much mostly due to lack of up to date certificate valid signatures from purchased provider of anti-virus with VPN.


2 Answers


answered 2023-08-30 02:38:14 +0000

Wireshark is a powerful network packet analyzer that allows you to capture and inspect network traffic. While it can provide insights into the source and destination of network traffic, it is not specifically designed to definitively determine whether a website is true or fake.

Wireshark captures packets and shows you the data being exchanged between devices on a network. This can include HTTP requests and responses, which might give you information about the websites being accessed. However, determining whether a website is genuine or fraudulent typically involves more comprehensive analysis, including:

Domain Analysis: Examining the domain name, its spelling, and any variations to check for phishing attempts or imitations.

SSL Certificates: Checking for valid SSL certificates and verifying their authenticity.

Content Inspection: Reviewing the content of the website for inconsistencies, poor design, or unusual behavior.

Phishing Databases: Cross-referencing the website against known phishing databases.

URL Reputation Services: Using reputation services to check if the website is flagged as suspicious.

Browser Warnings: Paying attention to browser warnings about potential security risks when visiting a website.

While Wireshark can reveal aspects of network communication, it's only a small part of the process in determining whether a website is genuine or fake. For such analysis, it's recommended to use a combination of tools, security services, and good online practices to make informed decisions about the legitimacy of a website.

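The "Domain Analysis" check from the answer above, applied to hostnames exported from a Wireshark capture, as an added example that is not part of the original answers. The allow-list, sample hostnames and function names are constructed for illustration, and taking the last two labels as the registered domain is a simplification of the Public Suffix List.

```python
# Added example. Hostnames and the allow-list are constructed, not from a real capture.
# Query names can be exported from a capture with, for example:
#   tshark -r capture.pcapng -T fields -e dns.qry.name
TRUSTED = {"wireshark.org", "example-bank.com"}  # hypothetical sites the user relies on

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Assumption: the last two labels form the registered domain."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host, trusted=TRUSTED, max_dist=2):
    host = host.lower().rstrip(".")
    dom = registrable(host)
    if dom in trusted:
        return ("trusted", dom)
    # An internationalized label can render like a familiar name in the browser.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("punycode", dom)
    for t in sorted(trusted):
        if edit_distance(dom, t) <= max_dist:  # one or two characters off
            return ("lookalike", t)
    for t in sorted(trusted):
        if t in host:  # trusted name used as a prefix of someone else's domain
            return ("embedded", t)
    return ("unknown", dom)

def scan(hosts):
    """Return only the hostnames that deserve a closer look."""
    flagged = {}
    for h in hosts:
        verdict = classify(h)
        if verdict[0] in ("lookalike", "punycode", "embedded"):
            flagged[h] = verdict
    return flagged

if __name__ == "__main__":
    sample = ["www.wireshark.org", "wiresharc.org", "www.examp1e-bank.com",
              "wireshark.org.login-check.net", "xn--wreshark-abc.org", "cdn.example.net"]
    for host, verdict in scan(sample).items():
        print(host, verdict)
```

A flagged name is a prompt to check the certificate and the address bar before trusting the site; an unflagged name is not proof that the site is genuine.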

answered 2023-07-13 09:25:56 +0000

hugo.vanderkooij

What you want is not something Wireshark is designed for. Wireshark will capture the traffic and show you some details.

It is not a security tool which you currently seem to be looking for.



Thank you and I understood. I thought that as minimum I can monitor intrusive activity on my home network. As at the first impression it looks like a magic charm for network actors activity recognition.

Valdi (2023-07-13 12:42:55 +0000)

What you are looking for is an IDS. The mere fact that Wireshark dissects packets, an IDS it does not make.

Jaap (2023-07-13 13:06:03 +0000)
