Using Wireshark

There can be instances where we may require analyzing the network traffic so as to find the cause of the problem.  To do this we can use WireShark. 

Wireshark is a network protocol analyzer.  You can download it for FREE by clicking the logo below:

Steps that may be helpful in using Wireshark:

1.  Select the network interface you want to listen for the traffic.

For that either click 'Interface List' on the main window or go to Capture –> Select Interfaces –> SelectOptions… –> Select an appropriate network interface

2.  Click 'Start' button –> You will see the network traffic for that interface in the window

3.  Filters can be applied so as to view only packets that are of importance.

To apply a filter –> write the filter expression in the Filter Window –> Press 'Enter' or 'Apply'.

Some common filters are:-

1. ‘tcp’ = for viewing TCP packets only.
2. ‘udp’  = for viewing UDP packets only.
3. ‘sip’ = for viewing SIP packets only.
4. ‘ip.src == <ip address>’ = for viewing traffic coming from a specific ip address only.
5. ‘ip.dst == <ip address>’ = for viewing traffic going to a specific ip address only.

4.  Once we have captured the packets, we can stop listening to network traffic by pressing 'Stop' button or by going to menu 'Capture –> Stop'.

All the filters can be applied together with different logical operators like '&&' for 'And' operation, '||' for 'Or'operation, '!' for 'Not' operation etc.

There are many other filters that may be used. Please refer to Wireshark Help for more details.

5.  To Analyse a packet –> Select the packet you want to view –> its information will then be displayed in themiddle pane.

–> You can then click on any item in middle pane –> its information will be displayed in the bottom pane.

6.  To copy any data 'bytes' –> Right click on that data –> Go to Copy –> Bytes –> Printable Text Only (This will copy the data in a readable text form)

End of article.

If you wish to receive updates on this article, please click the 'Follow' button on top.