How to analyze packets with Wireshark basics

· Category: Networking

Short answer

Wireshark is a free network protocol analyzer that captures live traffic and lets you inspect individual packets in detail.

Steps

  1. Select an interface: Launch Wireshark and choose the network adapter to capture from.

  2. Start capturing: Click the shark fin icon to begin. Stop when you have captured relevant traffic.

  3. Apply display filters: Use filters like ip.addr == 192.168.1.1, tcp.port == 443, or dns to narrow results.

  4. Inspect packets: Click any packet to view layered protocol details and the raw hex dump.

  5. Follow streams: Right-click a packet and select Follow > TCP Stream to reconstruct a full conversation.

Tips

  • Capture during the problem to avoid noise.
  • Use capture filters (Berkeley Packet Filter syntax) to reduce file size.
  • Disable promiscuous mode unless you need traffic not destined for your machine.

Common issues

  • Capturing without the required privileges, which yields an empty capture.
  • Overwhelming file sizes from long captures.
  • Misreading retransmissions as primary failures rather than recovery.
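The following is an added example and not part of the original page: a small pure-Python pcap reader that reproduces what the Steps and Common issues sections describe in Wireshark terms. It builds a constructed capture in memory (the hosts 192.168.1.10 and 192.168.1.1, the ports, the payloads and the function names are all assumptions made for the example), then applies the equivalent of the display filters ip.addr == X and tcp.port == N, and emulates Follow > TCP Stream by reassembling both directions in sequence-number order. A duplicated segment is deliberately included so that the reassembler reports it as a retransmission (a recovery event) rather than treating it as new data.

```python
"""Added example, not the page's own code: a minimal libpcap reader that mimics
Wireshark's ip.addr / tcp.port display filters and Follow > TCP Stream.
All addresses, ports and payloads below are constructed sample data."""
import socket
import struct


def build_segment(src, sport, dst, dport, seq, payload):
    """Build an Ethernet/IPv4/TCP frame (checksums left zero; fine for a demo)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip          # zero MACs, EtherType IPv4


def pcap_bytes(frames):
    """Serialise frames into a classic libpcap file (link type 1 = Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    body = b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
                    for i, f in enumerate(frames))
    return header + body


# Constructed sample capture: one HTTP exchange with a retransmitted client
# segment, plus one unrelated connection to another host and port.
CLIENT, SERVER = ("192.168.1.10", 40000), ("192.168.1.1", 80)   # hypothetical hosts
SAMPLE_PCAP = pcap_bytes([
    build_segment(*CLIENT, *SERVER, 1000, b"GET / HTTP/1.1\r\n"),
    build_segment(*CLIENT, *SERVER, 1016, b"Host: example\r\n\r\n"),
    build_segment(*CLIENT, *SERVER, 1016, b"Host: example\r\n\r\n"),   # retransmission
    build_segment(*SERVER, *CLIENT, 5000, b"HTTP/1.1 200 OK\r\n"),
    build_segment("192.168.1.10", 40001, "10.0.0.5", 22, 1, b"noise"),
])


def parse_pcap(data):
    """Return one dict per packet with the fields the filters below need."""
    assert struct.unpack("<I", data[20:24])[0] == 1, "example handles Ethernet captures only"
    packets, offset = [], 24
    while offset < len(data):
        caplen = struct.unpack("<I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        if frame[12:14] != b"\x08\x00":                 # skip non-IPv4 frames
            continue
        total_len = struct.unpack("!H", frame[16:18])[0]
        ip = frame[14:14 + total_len]                   # ignore Ethernet padding
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        pkt = {"ip.src": socket.inet_ntoa(ip[12:16]),
               "ip.dst": socket.inet_ntoa(ip[16:20]), "ip.proto": proto}
        if proto == 6:
            tcp = ip[ihl:]
            sport, dport, seq = struct.unpack("!HHI", tcp[:8])
            doff = (tcp[12] >> 4) * 4
            pkt.update({"tcp.srcport": sport, "tcp.dstport": dport,
                        "tcp.seq": seq, "tcp.payload": tcp[doff:]})
        packets.append(pkt)
    return packets


def ip_addr(packets, address):
    """Equivalent of `ip.addr == address`: matches source OR destination."""
    return [p for p in packets if address in (p["ip.src"], p["ip.dst"])]


def tcp_port(packets, port):
    """Equivalent of `tcp.port == port`: matches either end of the connection."""
    return [p for p in packets if port in (p.get("tcp.srcport"), p.get("tcp.dstport"))]


def follow_tcp_stream(packets, client, server):
    """Emulate Follow > TCP Stream for client<->server, each given as (ip, port).
    Each direction is ordered by sequence number; a payload-bearing segment whose
    sequence number was already seen is counted as a retransmission and dropped."""
    result = {"retransmissions": 0}
    for name, (src, dst) in (("client", (client, server)), ("server", (server, client))):
        by_seq = {}
        for p in packets:
            if p.get("ip.proto") != 6 or not p["tcp.payload"]:
                continue
            if (p["ip.src"], p["tcp.srcport"]) != src or (p["ip.dst"], p["tcp.dstport"]) != dst:
                continue
            if p["tcp.seq"] in by_seq:
                result["retransmissions"] += 1
            else:
                by_seq[p["tcp.seq"]] = p["tcp.payload"]
        result[name] = b"".join(by_seq[s] for s in sorted(by_seq))
    return result


if __name__ == "__main__":
    pk = parse_pcap(SAMPLE_PCAP)
    print("ip.addr == 192.168.1.1 ->", len(ip_addr(pk, "192.168.1.1")), "packets")
    print("tcp.port == 80         ->", len(tcp_port(pk, 80)), "packets")
    print(follow_tcp_stream(pk, CLIENT, SERVER))
    with open("sample.pcap", "wb") as fh:                # open this file in Wireshark
        fh.write(SAMPLE_PCAP)
```

Running the script also writes sample.pcap, so the same capture can be opened in Wireshark and the two display filters and Follow > TCP Stream compared against the script's output; the retransmitted segment shows up there as a "TCP Retransmission" in the Info column, which is the recovery event the Common issues list warns against misreading.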