What Is Wireshark?
Originally known as Ethereal, Wireshark displays data from hundreds of different protocols on all major network types.
Data packets can be viewed in real time or analyzed offline.
Wireshark supports dozens of capture/trace file formats, including CAP and ERF.
Integrated decryption tools display the contents of encrypted packets for several common protocols, including WEP and WPA/WPA2.
You’ll see the latest stable release and the current developmental release.
Unless you’re an advanced user, download the stable version.
During the Windows setup process, choose to install WinPcap or Npcap if prompted, as these include the libraries required for live data capture.
You must be logged in to the device as an administrator to use Wireshark.
In Windows 10, search for Wireshark and select Run as administrator.
In macOS, right-click the app icon and select Get Info.
In the Sharing & Permissions settings, give the admin Read & Write privileges.
The program is also available for Linux and other UNIX-like platforms, including Red Hat, Solaris, and FreeBSD.
The binaries required for these operating systems can be found toward the bottom of the Wireshark download page under the Third-Party Packages section.
You can also download Wireshark's source code from this page.
Displayed to the right of each interface is an EKG-style line graph that represents live traffic on that network.
To select multiple networks, hold the Shift key as you make your selection.
In the Wireshark Capture Interfaces window, select Start.
There are other ways to initiate packet capturing.
Select the shark fin on the left side of the Wireshark toolbar, press Ctrl+E, or double-click the network interface.
Select File > Save As or choose an Export option to record the capture.
To stop capturing, press Ctrl+E.
Or, go to the Wireshark toolbar and select the red Stop button that is located next to the shark fin.
A broken horizontal line signifies that a packet is not part of the conversation.
This hex dump contains 16 hexadecimal bytes and 16 ASCII bytes alongside the data offset.
Any bytes that cannot be printed are represented by a period.
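To make the layout of the packet-bytes pane concrete, here is an added example (not code from the article or from the Wireshark project) that renders a constructed byte string in the same offset / hex / ASCII form, replacing non-printable bytes with a period:

```python
def hexdump(data: bytes, width: int = 16) -> list[str]:
    """Render bytes the way Wireshark's packet-bytes pane does.

    Each row shows the offset of its first byte, up to `width` bytes in
    hexadecimal, and the same bytes as ASCII; any byte outside the
    printable range 0x20-0x7e is shown as '.'.
    """
    rows = []
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        ascii_part = "".join(chr(b) if 0x20 <= b < 0x7f else "." for b in chunk)
        # Pad the hex column so the ASCII column stays aligned on a short last row.
        rows.append(f"{offset:04x}  {hex_part:<{width * 3 - 1}}  {ascii_part}")
    return rows


# Constructed sample: a fake 14-byte Ethernet header (MACs and EtherType 0x0800)
# followed by the start of an HTTP request line. Not a real capture.
SAMPLE = bytes.fromhex("00 11 22 33 44 55 66 77 88 99 aa bb 08 00") + b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for row in hexdump(SAMPLE):
        print(row)
```

The binary header bytes show up as periods in the ASCII column while the request text stays readable, which is how you spot plaintext fields in a packet at a glance.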
How to Use Wireshark Filters
Capture filters instruct Wireshark to only record packets that meet specified criteria.
Filters can also be applied to an existing capture so that only certain packets are shown; these are referred to as display filters.
Wireshark provides a large number of predefined filters by default.
For example, if you want to display TCP packets, type tcp.
Another way to choose a filter is to select the bookmark on the left side of the entry field.
Choose Manage Filter Expressions or Manage Display Filters to add, remove, or edit filters.
Capture filters are applied as soon as you begin recording network traffic.
To apply a display filter, select the right arrow on the right side of the entry field.
Color coding lets you quickly locate certain packets within a saved set by their row color in the packet list pane.
Wireshark comes with about 20 default coloring rules, each of which can be edited, disabled, or deleted.
Select View > Coloring Rules for an overview of what each color means.
You can also add your own color-based filters.
Select View > Colorize Packet List to toggle packet colorization on and off.
Statistics in Wireshark
Other useful metrics are available through the Statistics drop-down menu.