Wireshark Tutorial for Beginners 2021 | A Network Packet Analyzer

What is Wireshark?

Wireshark is a network packet analyzer. A network packet analyzer captures network packets and displays that packet data in as much detail as possible. You can think of a network packet analyzer as a measuring device that examines what is happening inside a network cable, much as an electrician uses a voltmeter to examine what is happening inside an electrical cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. With the advent of Wireshark, that has changed. Wireshark is free and open source software, and one of the best packet analyzers available today.

Starting Wireshark

When you start Wireshark, you will see the Wireshark graphical user interface shown in Figure 2. Initially, no data is displayed in the various windows.

Wireshark graphical user interface

The Wireshark interface consists of five main elements:

  • The command menus are standard pull-down menus located at the top of the window. Of interest to us now are the File and Capture menus. The File menu allows you to save captured packet data or open a file containing previously captured packet data, and to exit the Wireshark application. The Capture menu allows you to begin packet capture.
  • The packet list window displays a one-line summary for each captured packet, including the packet number (assigned by Wireshark; this is not a packet number contained in any protocol header), the time at which the packet was captured, the packet's source and destination addresses, the protocol type, and protocol-specific information contained in the packet. The packet list can be sorted by any of these categories by clicking on a column name. The protocol type field lists the highest-level protocol that sent or received this packet, that is, the protocol that is the ultimate source or sink for this packet.
  • The packet header details window provides details about the packet selected (highlighted) in the packet list window. (To select a packet in the packet list window, place the cursor over the packet's one-line summary in the packet list window and click the left mouse button.) These details include information about the Ethernet frame (assuming the packet was sent/received over an Ethernet interface) and the IP datagram that contains the packet. The amount of Ethernet and IP-layer detail displayed can be expanded or minimized by clicking on the boxes to the left of the Ethernet frame or IP datagram line in the packet details window. If the packet was carried over TCP or UDP, the TCP or UDP details are also displayed and can likewise be expanded or minimized. Finally, details about the highest-level protocol that sent or received this packet are provided.
  • The packet contents window displays the entire contents of the captured frame, in both ASCII and hexadecimal format.
  • At the top of the Wireshark graphical user interface is the packet display filter field, into which a protocol name or other information can be entered to filter the information displayed in the packet list window (and hence the packet header and packet contents windows). In the example below, we use the packet display filter field to have Wireshark hide (not display) all packets except those that correspond to HTTP messages.


Taking Wireshark for a test run

The best way to learn about any new piece of software is to try it out! We assume that your computer is connected to the Internet via a wired Ethernet interface. Proceed as follows:

Step one: Launch your favorite web browser, which will display the home page of your choice.

Step two: Start the Wireshark program. Initially, you will see a window similar to that shown in Figure 2, except that no packet data is displayed in the packet list, packet header, or packet contents windows, because Wireshark has not yet begun capturing packets.

Step three: To begin packet capture, select the Capture pull-down menu and select Options. This will cause the Wireshark: Capture Options window to be displayed, as shown in Figure 3.

Wireshark Capture Options window

Step four: You can use most of the default values in this window, but uncheck the Hide capture info dialog box under Display Options. The network interfaces (i.e., the physical connections) that your computer has to the network are shown in the Interface pull-down menu at the top of the Capture Options window. If your computer has more than one active network interface (for example, if you have both a wired and a wireless Ethernet connection), you must select the interface on which packets are to be captured (probably the wired interface). After selecting a network interface (or using the default interface chosen by Wireshark), click Start. Packet capture now begins: all packets sent or received by your computer are now being captured by Wireshark!

Step five: Once you begin packet capture, a packet-capture summary window appears, as shown in Figure 4. This window summarizes the number of packets of various types that are being captured and (importantly!) contains a Stop button that lets you stop packet capture. Don't stop packet capture yet.

Wireshark packet-capture window

Step six: With Wireshark running, enter the URL http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html and have that page displayed in your browser. To display this page, your browser contacts the HTTP server at gaia.cs.umass.edu and exchanges HTTP messages with the server to download the page, as discussed in section 2.2 of the text. The Ethernet frames containing these HTTP messages are captured by Wireshark.

Step seven: After your browser has displayed the INTRO-wireshark-file1.html page, stop Wireshark packet capture by selecting Stop in the Wireshark capture window. This causes the capture window to disappear and the main Wireshark window to display all packets captured since you began packet capture. The main Wireshark window should now look similar to Figure 2. You now have live packet data that contains all protocol messages exchanged between your computer and other network entities! The HTTP message exchange with the gaia.cs.umass.edu web server should appear somewhere in the list of captured packets. But there will be many other types of packets displayed as well (see, for example, the many different protocol types shown in the Protocol column in Figure 2).

Even though the only action you took was to download a web page, there were evidently many other protocols running on your computer that are unseen by the user. We will learn much more about these protocols as we progress through the text! For now, you should just be aware that there is often much more going on than meets the eye!

Step 8: Type http (without the quotes, and in lowercase; all protocol names are lowercase in Wireshark) into the display filter specification window at the top of the main Wireshark window. Then select Apply (to the right of where you entered http). This causes only HTTP messages to be displayed in the packet list window.

Step 9: Select the first HTTP message shown in the packet list window. This should be the HTTP GET message sent from your computer to the gaia.cs.umass.edu HTTP server. When you select the HTTP GET message, the packet header window displays information about the Ethernet frame, IP datagram, TCP segment, and HTTP message header. By clicking on the plus and minus boxes on the left side of the packet details window, minimize the amount of information displayed for the Frame, Ethernet, Internet Protocol, and Transmission Control Protocol layers, and maximize the amount of information displayed for the HTTP protocol. Your Wireshark display should now look roughly like Figure 5. (Note in particular the minimized amount of protocol information for all protocols except HTTP, and the maximized amount of protocol information for HTTP in the packet header window.)
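The nesting the packet header window shows in step 9 (Ethernet frame, IP datagram, TCP segment, HTTP message) and the effect of the `http` display filter from step 8 can be reproduced in code. The following is an added example, not part of the original tutorial or of Wireshark: it builds a three-packet capture from constructed sample data (private and documentation-range IP addresses, arbitrary MAC addresses, zeroed checksums), dissects each frame layer by layer, and keeps only the frames whose TCP payload dissects as an HTTP request or status line.

```python
import struct

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Construct a frame: 14-byte Ethernet, 20-byte IPv4, 20-byte TCP, then payload.
    Constructed sample data; checksums are left as zero since nothing verifies them."""
    eth = b"\x00" * 6 + b"\x11" * 6 + struct.pack("!H", 0x0800)  # dst MAC, src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def dissect(frame):
    """Return a dict of per-layer fields, mirroring the rows of the packet details window."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = {"eth": {"type": hex(ethertype)}}
    if ethertype != 0x0800:          # only IPv4 is dissected further here
        return layers
    ihl = (frame[14] & 0x0F) * 4     # IPv4 header length in bytes
    proto = frame[14 + 9]
    layers["ip"] = {"src": ".".join(map(str, frame[26:30])),
                    "dst": ".".join(map(str, frame[30:34])), "proto": proto}
    if proto != 6:                   # only TCP carries HTTP in this example
        return layers
    tcp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4
    layers["tcp"] = {"sport": sport, "dport": dport}
    # The "http" display filter matches frames whose TCP payload dissects as HTTP:
    # a request line (METHOD SP target SP HTTP/x.y) or a status line (HTTP/x.y code reason).
    first = frame[tcp_off + data_off:].split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = first.split(" ")
    if len(parts) >= 3 and (parts[2].startswith("HTTP/") or parts[0].startswith("HTTP/")):
        layers["http"] = {"line": first}
    return layers

def apply_display_filter(frames, protocol="http"):
    """Keep (packet number, dissection) for frames containing `protocol`; numbers are 1-based."""
    dissected = [(n, dissect(f)) for n, f in enumerate(frames, 1)]
    return [(n, d) for n, d in dissected if protocol in d]

# Constructed three-packet capture: a bare TCP segment, the GET for the lab page, and the reply.
FRAMES = [
    build_frame("10.0.0.5", "192.0.2.80", 52000, 80, b""),
    build_frame("10.0.0.5", "192.0.2.80", 52000, 80,
                b"GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\n"
                b"Host: gaia.cs.umass.edu\r\n\r\n"),
    build_frame("192.0.2.80", "10.0.0.5", 80, 52000, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]
```

Calling `apply_display_filter(FRAMES)` keeps packets 2 and 3 only (the GET and its 200 OK response), while `apply_display_filter(FRAMES, "tcp")` keeps all three, just as typing `http` versus `tcp` in the display filter field would.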

That's it for this Wireshark tutorial for beginners. I hope this tutorial has taught you something.
