Analyzing packet dumps with Wireshark
Most sniffers have the capability to produce some kind of logfile, or raw packet dump, containing all the network traffic that it picks up. Unless you're Neo from The Matrix, you're not expected to stare at the monitor and decipher the network packets live as they scroll by. Instead, you'll want to open up your logfile in a good traffic analyzer and start filtering the information so that you can follow the network conversation you're interested in.
Wireshark is an excellent packet analyzer that can open up and dissect packet logs in a standard format called pcap. Kismet already logs to pcap format by default and Ettercap can be told to do so with the -w argument, as in the following command:
pi@raspberrypi ~ $ sudo ettercap -q -T -i wlan0 -M arp:remote -d -w mycapture.pcap /[Router IP]/ /[PC IP]/
The only difference running Ettercap with pcap logging is that it logs every single packet it can see whether it matches the target specification or not, which...
