How to use Wireshark Basics

Chưa phân loại

What is Wireshark?

Wireshark is an open source and free packet analyzer. It’s a widely used packet capturing tool among others.

How to download Wireshark and install for different OS?

Wireshark can be downloaded freely from the official website.

Here is the link to Download Wireshark. For Windows, MAC an installer will be downloaded and later it can be installed. For Linux, Wireshark can be installed through command also. Here is the command for Ubuntu:

apt-get install Wireshark

Other than these three operating systems there are other Wireshark installer can be found on the official website.

Here is the screenshot for the download page

Intention of this article?

In this article we will understand how to use Wireshark for basic usages. Here we have used Windows 10 and Wireshark version is 3.0.1. So if you are using different Wireshark version then some options may be in different places.

Steps to work with Wireshark:

After Wireshark has been installed, we need to open the Wireshark application. Here is the screenshot for 1st window of Wireshark with explanation:

Now how to get what are the interfaces?

For windows -> open command line -> run command “ipconfig

Here is the screenshot for ipconfig command

So the logic is first check ipconfig for active interfaces and then open Wireshark to capture on active interfaces. Follow the above screenshot to know which interface is active. Now as we know that Wi-Fi interface is active then we will capture on that interface. Just double click on that interface to capture packets. Here is the screenshot:

Here is the screenshot for live capturing

Now there are three main portions of Wireshark windows. Here is the screenshot [1, 2, 3]:

Here is the screenshot to show the overview of a clicked packet:

Coloring Rule: Here is the screenshot for default coloring rule for different types of packets:

Here is the screenshot if disable coloring rule:

Now we can customize coloring rule from View -> Coloring Rules. Here is the screenshot:

So now you can modify coloring rule according to your need.

Wireshark column: Here is the screenshot for Wireshark default columns:

Now if we want to add port number as column, we have to follow below steps mentioned in screenshot

There are many settings we can modify under Edit->Preferences. Here is the screenshot:

Here is the screenshot to show the important and useful options from preferences:

Here are some display filters from Wireshark. Analyze -> Display Filters

If you want to change the capturing interface follow below option:

Capture -> Options

Here is the screenshot for changing capturing interface:

After capturing is completed it’s is recommended to save the capture for future analysis. Here is the screenshot for saving a capture:

If you try to capture on an interface where no packets are there you will see below error message after you stop the capture.

And then you will be redirected to main page to select the correct interface.

For capture analysis there is on statistics Here is the screenshot for showing the important sub-menu.

Example: Here is the I/O graph to understand the packet exchanges through graph:

Here is the step to extract HTTP data like image, txt etc from capture:

You can get access to samples capture for your analysis from here: SampleCaptures


There are many options and ways to debug a capture through Wireshark. We have just discussed the basic and commonly used options from Wireshark. One more advantage of Wireshark is that it’s an open source , so you will get solution for each and every issues in internet.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

How to Install GNU Octave and External Packages

Numerical computations are essential in a lot of industries. Today, machine learning and deep learning are the driving...

How to read and print pretty JSON with PHP

JSON is a popular data storage format to exchange data between server and browser. It is derived from JavaScript and supported...

How to Use Linux SCP Command

The full form of SCP is Secure Copy. It is used to securely copy files from your computer to remote servers and remote...
Bài Viết

Bài Viết Mới Cập Nhật

Lý do tại sao bạn nên sử dụng proxy khi truy cập web đen

Các lỗi thường gặp khi sử dụng proxy và cách khắc phục chúng.

Tác động của việc sử dụng proxy đến tốc độ kết nối internet của bạn.

Các tiện ích và công cụ để quản lý proxy.

Các cách để kiểm tra tốc độ và độ ổn định của proxy.