Using Wireshark for Packet analysis

Before we start using Wireshark, let's install it. On Linux distributions that use apt, installation is a single command:

sudo apt-get install wireshark

For Windows users, you will have to download Wireshark from here and then run the installer.

Once Wireshark is installed, start it. The first thing you need to do is choose the interface whose traffic you want to capture (wireless, Ethernet, etc.).

If you are not sure which interface to pick, run ifconfig (ipconfig on Windows) in a terminal and see which interface you are currently using to browse the web. After selecting the interface, click the Capture packets button on the toolbar.

Now that you have clicked the capture button, you will see a flood of data in the Wireshark window. This is your network traffic. Some elementary ways to filter it:

  • To filter traffic for a specific IP address, type ip.addr == xxx.xx.xx.xx (no quotes around the address; this matches packets sent to or from that address) in the Apply a display filter field.
  • To filter traffic for a specific protocol, say TCP, UDP, SMTP, ARP or DNS, just type the protocol name (e.g. dns) in the Apply a display filter field.

Filtering by IP address

Filtering by Protocol name

Saving the captured data on Wireshark

You can save the captured traffic using the following steps:

  • Stop the packet capture by clicking the Stop button.
  • Go to File → Save As and give the file a name, e.g. Filename.pcap

Note: For this tutorial, save the file in .pcap format.
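As an added example (not part of the original tutorial), the following script reads a classic .pcap file like the one saved above and applies the same two kinds of filter shown earlier: an ip.addr == X match, which Wireshark applies to either the source or the destination address, and a bare protocol-name filter. The capture it parses is constructed in the script itself (documentation-range addresses, zeroed MACs), so it runs offline; the helper names are my own, not Wireshark's.

```python
import struct
from ipaddress import IPv4Address

# IP protocol numbers that the bare protocol-name filters (tcp, udp, icmp) correspond to
PROTO_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1}

def ipv4_frame(src, dst, proto, payload=b""):
    """Minimal Ethernet + IPv4 frame (constructed test data, not captured traffic)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst/src MAC zeroed, EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + payload

def build_pcap(frames):
    """Serialize frames as a classic little-endian .pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 24-byte global header
    for i, f in enumerate(frames):  # per-record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Return (src, dst, proto) for every IPv4-over-Ethernet record in a classic pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"  # the magic number also reveals byte order
    off, pkts = 24, []
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":  # skip non-IPv4 frames
            pkts.append((str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34])), frame[23]))
    return pkts

def apply_filter(pkts, ip=None, proto=None):
    """Mimic 'ip.addr == X' (matches src OR dst, not only the sender) and a protocol-name filter."""
    want = PROTO_NUMBERS[proto.lower()] if proto else None
    return [(s, d, p) for s, d, p in pkts
            if (ip is None or ip in (s, d)) and (want is None or p == want)]

# Constructed capture: a TCP exchange with a web host, a UDP packet to the gateway, an ICMP ping
SAMPLE = build_pcap([
    ipv4_frame("192.168.1.10", "203.0.113.7", 6, b"GET"),
    ipv4_frame("203.0.113.7", "192.168.1.10", 6, b"200"),
    ipv4_frame("192.168.1.10", "192.168.1.1", 17, b"dns?"),
    ipv4_frame("10.0.0.5", "10.0.0.6", 1),
])

if __name__ == "__main__":
    for pkt in apply_filter(read_pcap(SAMPLE), ip="192.168.1.10", proto="tcp"):
        print(pkt)
```

To run it against your own saved capture, replace SAMPLE with the bytes of Filename.pcap; note that filtering on ip.addr == 192.168.1.1 above returns the gateway-bound UDP packet even though that host never sent anything, which is the behaviour beginners most often misread.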