Q:

How do you use Wireshark?

A:

Quick Answer

To use Wireshark, launch the program, and begin capturing packets by clicking on the name of the interface you want to capture under the Interface List. Click the "Stop Capture" button in the toolbar to cease the capturing process, then save the capture. Return to the home screen, and click "Open" to retrieve the capture file. Ask a supervisor or other administrative staff member before using the program at work.

Full Answer

The program color codes the packets that it lists. Transmission Control Protocol packets are green, User Datagram Protocol packets are light blue, Domain Name System packets are dark blue, and problematic TCP packets are black.

To filter the list so that only one type of packet is displayed, type the abbreviated name of that packet's protocol in the Filter box, and click "Apply." To save a filter type for easy access, click "Analyze" in the main menu, and select "Display Filters." Select a filter to display, and enter all required properties. Click "OK" to create the filter.

To view the entire stream content between the client and the server, right-click on a specific packet, and select "Follow TCP Stream." Close the stream to view the filter that Wireshark creates. To further inspect a specific packet, click on the packet to display its properties in the area below the list. Click the "+" symbol to reveal additional properties.
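The grouping behind "Follow TCP Stream" can be reproduced in a few lines, which helps when reading the per-stream filter Wireshark leaves in the Filter box. The following is an added example, not Wireshark's own code: the helper names (`frame`, `parse`, `follow_streams`) and the sample frames are constructed for illustration, and the reassembly is simplified (it orders segments by sequence number, drops exact retransmissions, and ignores sequence wraparound and overlapping segments).

```python
import struct
from collections import defaultdict

def frame(src, sport, dst, dport, seq, data=b""):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def parse(raw):
    """Return (src, sport, dst, dport, seq, payload), or None if not IPv4/TCP."""
    if len(raw) < 34 or raw[12:14] != b"\x08\x00" or raw[23] != 6:
        return None
    ihl = (raw[14] & 0x0F) * 4                      # IPv4 header length in bytes
    total = struct.unpack("!H", raw[16:18])[0]      # IPv4 total length
    src, dst = ".".join(map(str, raw[26:30])), ".".join(map(str, raw[30:34]))
    t = 14 + ihl                                    # start of the TCP header
    sport, dport, seq = struct.unpack("!HHI", raw[t:t + 8])
    data_off = (raw[t + 12] >> 4) * 4               # TCP header length in bytes
    return src, sport, dst, dport, seq, raw[t + data_off:14 + total]

def follow_streams(frames):
    """Number each conversation, then reassemble each direction by sequence number."""
    index = {}                                      # endpoint pair -> stream number
    streams = defaultdict(lambda: defaultdict(dict))
    for raw in frames:
        if (p := parse(raw)) is None:
            continue                                # not TCP: not part of any stream
        src, sport, dst, dport, seq, data = p
        key = tuple(sorted([(src, sport), (dst, dport)]))  # same key for both directions
        n = index.setdefault(key, len(index))
        if data:
            streams[n][(src, sport)][seq] = data    # dict drops exact retransmissions
    return {n: {ep: b"".join(d[s] for s in sorted(d)) for ep, d in dirs.items()}
            for n, dirs in streams.items()}

# Constructed sample capture: two conversations, one segment out of order, one retransmission.
CAPTURE = [
    frame("10.0.0.5", 40000, "10.0.0.9", 80, 100, b"GET / HTTP/1.1\r\n"),
    frame("10.0.0.7", 40001, "10.0.0.9", 80, 500, b"HEAD / HTTP/1.1\r\n\r\n"),
    frame("10.0.0.5", 40000, "10.0.0.9", 80, 131, b"\r\n"),      # captured before seq 116
    frame("10.0.0.5", 40000, "10.0.0.9", 80, 116, b"Host: example\r\n"),
    frame("10.0.0.5", 40000, "10.0.0.9", 80, 116, b"Host: example\r\n"),  # retransmission
    frame("10.0.0.9", 80, "10.0.0.5", 40000, 900, b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    print(follow_streams(CAPTURE))
```

Each key in the returned dictionary is a stream number, and each stream holds one reassembled byte string per direction, which is the client/server split the stream window shows.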
