How to use Wireshark: the basics

29/12/2020
Uncategorized

What is Wireshark?

Wireshark is a free, open-source packet analyzer and one of the most widely used packet-capture tools.

How to download Wireshark and install for different OS?

Wireshark can be downloaded freely from the official website.

Here is the link to Download Wireshark. For Windows and macOS an installer is downloaded and then run. On Linux, Wireshark can also be installed from the distribution's package manager. Here is the command for Ubuntu (note that the package name is lowercase):

sudo apt-get install wireshark

During the Ubuntu install you are asked whether non-superusers should be able to capture packets; answer Yes and add your user to the wireshark group (then log out and back in) so that Wireshark itself never has to run as root. Packages for other operating systems are also listed on the official website.

Here is the screenshot of the download page:

What this article covers

In this article we look at the basic use of Wireshark. The screenshots were taken on Windows 10 with Wireshark version 3.0.1, so if you are using a different version some options may be in different places.

Steps to work with Wireshark:

After Wireshark has been installed, open the application. Here is the screenshot of the first Wireshark window, with explanation:

Now, how do we find out which interfaces exist and which one is active?

On Windows, open a command prompt and run "ipconfig".

Here is the screenshot of the ipconfig output:

So the logic is: first check ipconfig for the active interface (the adapter that has an IPv4 address and a default gateway), then open Wireshark and capture on that interface. Wireshark's start page helps too: the small line graph next to each interface name shows live traffic, so an interface with a flat line is not the one you want. In the screenshot the Wi-Fi interface is active, so we capture on it. Double-click the interface to start capturing. Here is the screenshot:

Here is the screenshot of a live capture:

The Wireshark window has three main panes: the packet list (top), the packet details (middle) and the packet bytes (bottom). Here is the screenshot [1, 2, 3]:


Here is the screenshot showing the overview of a selected packet; the details pane shows the dissected protocol layers, and the bytes pane highlights the bytes of whichever field is selected in the details:

Coloring rules: here is the screenshot of the default coloring rules for different packet types (for example, bad TCP segments are drawn with red text on a black background, which makes retransmissions and resets easy to spot):

Here is the screenshot with coloring disabled (View -> Colorize Packet List):

The coloring rules can be customized from View -> Coloring Rules. Here is the screenshot:

So you can modify the coloring rules according to your needs.

Wireshark columns: here is the screenshot of the default columns (No., Time, Source, Destination, Protocol, Length, Info):

To add the port number as a column, select a packet, expand the TCP (or UDP) layer in the details pane, right-click the Source Port or Destination Port field and choose Apply as Column. The steps are shown in the screenshot below:


Many settings can be changed under Edit -> Preferences. Here is the screenshot:

Here is the screenshot showing the important and useful options in Preferences (for example name resolution, the default capture interface, and the per-protocol options such as whether TCP checksums are validated, which matters because checksum offloading on the capturing host makes correct outgoing packets show up as "bad checksum"):


Here are some display filters from Wireshark (Analyze -> Display Filters lists the saved ones). A display filter is typed into the filter bar above the packet list and only hides packets from view; it does not change what was captured, unlike a capture filter set in Capture -> Options.

If you want to change the capture interface, use Capture -> Options.

Here is the screenshot for changing the capture interface:


After capturing is complete, it is recommended to save the capture for later analysis (File -> Save As). Wireshark 3.x saves in pcapng format by default; choose the classic pcap format if the file has to be read by an older tool. Here is the screenshot for saving a capture:
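To make the save step concrete, and to show what the port column and a display filter such as tcp.port == 443 operate on, here is an added example. It is not code from the original post or from the Wireshark project: it builds three constructed Ethernet/IPv4/TCP frames (made-up MAC and IP addresses), writes them in the classic pcap format that Wireshark's "Save As" produces when pcap is selected, reads the file back, dissects each frame into the fields Wireshark would show in its columns, and applies the equivalent of the tcp.port display filter. The function and constant names are the example's own.

```python
import os
import struct
import tempfile
from typing import Dict, List, Optional, Tuple

# Added example, not code from the original page or from Wireshark.
LINKTYPE_ETHERNET = 1
PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
PCAPNG_MAGIC = 0x0A0D0D0A    # Wireshark's default save format has a different header


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int = 0x02) -> bytes:
    """Constructed Ethernet II + IPv4 + TCP frame with no payload (MAC addresses are made up)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # seq/ack 0, data offset 5 words, window 65535. The TCP checksum is left 0 on purpose:
    # Wireshark marks it bad unless "Validate the TCP checksum" is off in Preferences.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return eth + ip + tcp


def write_pcap(path: str, frames: List[Tuple[float, bytes]]) -> None:
    """Classic pcap: 24-byte global header, then a 16-byte record header before each frame."""
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for ts, frame in frames:
            sec = int(ts)
            usec = int(round((ts - sec) * 1_000_000))
            fh.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)))
            fh.write(frame)


def read_pcap(path: str) -> List[Tuple[float, bytes]]:
    """Read a classic pcap in either byte order; reject pcapng so the caller knows why."""
    with open(path, "rb") as fh:
        data = fh.read()
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le == PCAP_MAGIC:
        end = "<"
    elif magic_le == 0xD4C3B2A1:            # the same magic written big-endian
        end = ">"
    elif magic_le == PCAPNG_MAGIC:
        raise ValueError("pcapng file: save as pcap, or use a pcapng-aware reader")
    else:
        raise ValueError("not a pcap file")
    _maj, _min, _tz, _sig, _snap, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        records.append((sec + usec / 1e6, data[off:off + incl_len]))
        off += incl_len
    return records


def dissect(frame: bytes) -> Optional[Dict[str, object]]:
    """Return the fields the packet-list columns would show (ip.src, tcp.srcport, ...)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                   # not IPv4 (e.g. ARP, IPv6)
    ihl = (frame[14] & 0x0F) * 4
    fields = {"ip.src": ".".join(str(b) for b in frame[26:30]),
              "ip.dst": ".".join(str(b) for b in frame[30:34]),
              "ip.proto": frame[23]}
    if frame[23] == 6 and len(frame) >= 14 + ihl + 20:
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        fields.update({"tcp.srcport": sport, "tcp.dstport": dport,
                       "tcp.flags": frame[14 + ihl + 13]})
    return fields


def apply_port_filter(packets: List[Dict[str, object]], port: int) -> List[Dict[str, object]]:
    """Equivalent of the display filter `tcp.port == port` (matches either direction)."""
    return [p for p in packets if port in (p.get("tcp.srcport"), p.get("tcp.dstport"))]


def demo() -> Dict[str, int]:
    """Round-trip three constructed frames through a temporary pcap and filter on port 443."""
    frames = [
        (1609200000.000, build_tcp_frame("192.168.1.10", "93.184.216.34", 51000, 443)),
        (1609200000.050, build_tcp_frame("93.184.216.34", "192.168.1.10", 443, 51000, 0x12)),
        (1609200000.100, build_tcp_frame("192.168.1.10", "192.168.1.20", 51001, 80)),
    ]
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, frames)
        packets = [dissect(f) for _, f in read_pcap(path)]
    finally:
        os.remove(path)
    return {"total": len(packets), "tcp.port==443": len(apply_port_filter(packets, 443)),
            "first_flags": packets[0]["tcp.flags"]}


if __name__ == "__main__":
    print(demo())   # {'total': 3, 'tcp.port==443': 2, 'first_flags': 2}
```

Open the file the script writes in Wireshark and the Source/Destination columns, the TCP source and destination ports, and the SYN/SYN-ACK flags match what dissect() returns; typing tcp.port == 443 into the filter bar leaves the same two packets that apply_port_filter() keeps. The reader deliberately refuses pcapng files, which is what a default "Save As" in Wireshark 3.x produces, so that the difference between the two formats is visible rather than silently mis-parsed.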

If you capture on an interface where there is no traffic, you will see the error message below when you stop the capture:

You are then returned to the start page to select the correct interface.


For capture analysis there is the Statistics menu. Here is the screenshot showing its most useful sub-menus (Conversations, Endpoints, Protocol Hierarchy, I/O Graph):

Example: here is the I/O Graph, which plots packets (or bytes) per time interval so that bursts, gaps and retransmission storms in an exchange become visible:

Here are the steps to extract HTTP objects such as images or text files from a capture (File -> Export Objects -> HTTP). This only works when the whole TCP stream was captured and the response was not encrypted: HTTPS payloads are TLS records, and the object list stays empty unless the session has been decrypted first.
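The two menus above hide real work: the I/O Graph has to bucket packets by time, and Export Objects has to reassemble the TCP stream before there is an HTTP body to pull out. The following added example shows both on constructed input; it is not code from the original post or from Wireshark. It counts packets per interval from a constructed list of timestamps, reassembles a small HTTP response that was split across out-of-order TCP segments with one retransmission, and extracts the body named by Content-Length, refusing to guess when a segment is missing or the response is chunked. The function names, the constructed response and the timestamps are the example's own.

```python
from typing import Dict, List, Tuple

# Added example, not code from the original page or from Wireshark.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def io_graph_buckets(timestamps: List[float], interval: float = 1.0) -> List[int]:
    """Packets per interval, like the default I/O Graph line (x = time, y = packets per tick)."""
    if not timestamps:
        return []
    start = min(timestamps)
    counts = [0] * (int((max(timestamps) - start) / interval) + 1)
    for ts in timestamps:
        counts[int((ts - start) / interval)] += 1
    return counts


def reassemble(segments: List[Tuple[int, bytes]], isn: int) -> bytes:
    """Order TCP segments by sequence number, drop retransmitted bytes, stop at the first gap.
    segments: (seq, payload) as captured, possibly out of order or duplicated; isn: first seq."""
    expected = isn
    out = bytearray()
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq + len(payload) <= expected:
            continue                        # pure retransmission, bytes already present
        if seq > expected:
            break                           # hole: Wireshark shows "TCP Previous segment not captured"
        out += payload[expected - seq:]     # trim any overlap with data already seen
        expected = seq + len(payload)
    return bytes(out)


def extract_http_object(stream: bytes) -> Dict[str, object]:
    """Split one HTTP/1.x response into status line, headers and the Content-Length body."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("end of headers not found: stream incomplete")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    if "content-length" not in headers:
        raise ValueError("no Content-Length: chunked or connection-close bodies need a different decoder")
    length = int(headers["content-length"])
    if len(rest) < length:
        raise ValueError("body truncated: %d of %d bytes" % (len(rest), length))
    return {"status": lines[0].decode(),
            "content_type": headers.get("content-type", ""),
            "body": rest[:length]}


def demo() -> Dict[str, object]:
    """Reassemble a constructed PNG response from shuffled segments and bucket constructed timestamps."""
    body = PNG_MAGIC + b"\x00" * 24           # constructed stand-in for a tiny image
    response = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
                b"Content-Length: %d\r\n\r\n" % len(body)) + body
    isn = 1000
    s1, s2, s3 = response[:40], response[40:70], response[70:]
    # Delivered out of order, with the middle segment retransmitted once.
    segments = [(isn + 40, s2), (isn, s1), (isn + 70, s3), (isn + 40, s2)]
    stream = reassemble(segments, isn)
    obj = extract_http_object(stream)
    ts = [0.0, 0.2, 0.9, 1.1, 2.5, 2.6, 2.7]   # constructed capture timestamps in seconds
    return {"content_type": obj["content_type"],
            "is_png": obj["body"].startswith(PNG_MAGIC),
            "body_len": len(obj["body"]),
            "stream_len": len(stream),
            "io_graph": io_graph_buckets(ts, 1.0)}


if __name__ == "__main__":
    print(demo())   # {'content_type': 'image/png', 'is_png': True, 'body_len': 32, 'stream_len': 96, 'io_graph': [3, 1, 3]}
```

The gap check in reassemble() is the reason Export Objects sometimes shows nothing for a transfer you can see in the packet list: if one segment was dropped by the capture (a too-small capture buffer, or starting the capture mid-connection), the stream stops at the hole and the body is never complete. The Content-Length check is the other common case: a response with Transfer-Encoding: chunked or no length header at all needs the chunk decoder or the end of the connection, which this example deliberately does not attempt.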

You can get sample captures for your own analysis from here: SampleCaptures

Summary:

There are many options and ways to analyze a capture in Wireshark; we have covered only the basic and most commonly used ones. One more advantage of Wireshark is that it is open source with a large user community, so documentation and answers to most problems are easy to find online.
