How to use Wireshark Basics

29/12/2020
Chưa phân loại

What is Wireshark?

Wireshark is an open source and free packet analyzer. It’s a widely used packet capturing tool among others.

How to download Wireshark and install for different OS?

Wireshark can be downloaded freely from the official website.

Here is the link to Download Wireshark. For Windows, MAC an installer will be downloaded and later it can be installed. For Linux, Wireshark can be installed through command also. Here is the command for Ubuntu:

apt-get install Wireshark

Other than these three operating systems there are other Wireshark installer can be found on the official website.

Here is the screenshot for the download page

Intention of this article?

In this article we will understand how to use Wireshark for basic usages. Here we have used Windows 10 and Wireshark version is 3.0.1. So if you are using different Wireshark version then some options may be in different places.

Steps to work with Wireshark:

After Wireshark has been installed, we need to open the Wireshark application. Here is the screenshot for 1st window of Wireshark with explanation:

Now how to get what are the interfaces?

For windows -> open command line -> run command “ipconfig

Here is the screenshot for ipconfig command

So the logic is first check ipconfig for active interfaces and then open Wireshark to capture on active interfaces. Follow the above screenshot to know which interface is active. Now as we know that Wi-Fi interface is active then we will capture on that interface. Just double click on that interface to capture packets. Here is the screenshot:

Here is the screenshot for live capturing

Now there are three main portions of Wireshark windows. Here is the screenshot [1, 2, 3]:


Here is the screenshot to show the overview of a clicked packet:

Coloring Rule: Here is the screenshot for default coloring rule for different types of packets:

Here is the screenshot if disable coloring rule:

Now we can customize coloring rule from View -> Coloring Rules. Here is the screenshot:

So now you can modify coloring rule according to your need.

Wireshark column: Here is the screenshot for Wireshark default columns:

Now if we want to add port number as column, we have to follow below steps mentioned in screenshot


There are many settings we can modify under Edit->Preferences. Here is the screenshot:

Here is the screenshot to show the important and useful options from preferences:


Here are some display filters from Wireshark. Analyze -> Display Filters

If you want to change the capturing interface follow below option:

Capture -> Options

Here is the screenshot for changing capturing interface:


After capturing is completed it’s is recommended to save the capture for future analysis. Here is the screenshot for saving a capture:

If you try to capture on an interface where no packets are there you will see below error message after you stop the capture.

And then you will be redirected to main page to select the correct interface.


For capture analysis there is on statistics Here is the screenshot for showing the important sub-menu.

Example: Here is the I/O graph to understand the packet exchanges through graph:

Here is the step to extract HTTP data like image, txt etc from capture:

You can get access to samples capture for your analysis from here: SampleCaptures

Summary:

There are many options and ways to debug a capture through Wireshark. We have just discussed the basic and commonly used options from Wireshark. One more advantage of Wireshark is that it’s an open source , so you will get solution for each and every issues in internet.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

[MariaDB Replication] Các Test Case cho MariaDB Master-Slave

Replication MariaDB là một quá trình cho phép dữ liệu từ một máy chủ cơ sở dữ liệu MariaDB (master)...
30/12/2020

Create Beautiful Customizable Status Bars with Polybar for Linux

If the default Ubuntu status bar isn’t appealing to you, and you are looking for an app that could give you freedom...
28/12/2020

NodeJS with Redis

Redis is widely used as a caching server. At times, Redis is used as a database as well. It stores the data in a computer’s...
29/12/2020
Bài Viết

Bài Viết Mới Cập Nhật

SỰ KHÁC BIỆT GIỮA RESIDENTIAL PROXY VÀ PROXY DATACENTER
17/02/2024

Mua Proxy v6 US Private chạy PRE, Face, Insta, Gmail
07/01/2024

Mua shadowsocks và hướng dẫn sữ dụng trên window
05/01/2024

Tại sao Proxy Socks lại được ưa chuộng hơn Proxy HTTP?
04/01/2024

Mua thuê proxy v4 nuôi zalo chất lượng cao, kinh nghiệm tránh quét tài khoản zalo
02/01/2024