In celebration of all things Shark Week, I'm biting into the basics of Wireshark!


Wireshark is a very powerful and popular network analyzer for Windows, Mac and Linux: a tool used to inspect data passing through a network interface, be it your Ethernet LAN or even a wireless radio. These series of data are called frames, which include "packets". Wireshark has the ability to capture all the fishy little packets that are sent and received over your network and decode them for analysis.

When you do anything on the internet, like browse websites, chat or transfer files, the data is converted into packets when it passes your network interface/LAN card. Wireshark will hunt for those packets in the TCP/IP layer (during transmission) and keep whatever it finds. It's important to keep Wireshark in mind if you're a network admin who needs to double-check that all your customers' sensitive data is being transmitted securely!

On the other hand, you might want to watch out for those sharks using this tool on open networks or your company's computers, and steer clear of plaintext protocols like HTTP. Consider using HTTPS Everywhere, or encapsulating your packets in a secure SSH or VPN tunnel -- they're like shark cages for the Internet! After the break, let's boot up Wireshark and see how it works!

If you don't see any interfaces, run Wireshark as root: type gksudo wireshark in a terminal (gksudo is sudo for graphical applications). I've already installed Wireshark and started the application. Under the "Capture" section, you can choose the device you want to sniff. At the top of the application is a button called "Capture Options" where you can customize your captures. Under the "Interface List" you'll see one of your devices actually sending and receiving packets. This is your active one. Click Options and customize to your liking, then click Start. This will take you to a new pane that shows the packets being captured by Wireshark.

To gather some data we'll fire up our web browser and swim on over to

There are plenty of fishes in this sea, so hit the Stop button in Wireshark and you can start analyzing. Scroll through the long list of packets and find one that looks interesting.

There's a lot of info here, so let's start with the columns. The first column is the packet number, the second is how many seconds it has been since the start of capture, and the third column is the source IP address. The fourth column shows you where the packet will be sent: the destination IP address. The fifth column is the protocol that sent the packet (for example, DNS for domain name servers, TCP for transmission control protocol, or HTTP for browsing). The last column shows you a little more information about what's going on during the packet capture.

Since we have a bunch of data collected, we'll want to filter it. Let's look at just the HTTP requests. To do so, enter http.request in the filter bar in the top left and press Enter. Once we find an HTTP packet of interest, we can right-click on it and select "Follow TCP Stream" to get the raw contents. Here we can see what I sent in pink, and Discovery's response in blue.
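To make the packet-list columns and the http.request filter concrete, here is an added example (not from the original post, and not Wireshark's own code) that builds a tiny capture in memory and decodes it into the same columns. It assumes a classic little-endian pcap with IPv4/TCP over Ethernet; the addresses, ports and request are constructed, and packet_list and http_requests are hypothetical helper names.

```python
import socket
import struct

METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def build_frame(src, dst, sport, dport, payload):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Classic pcap file: 24-byte global header, 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out

def packet_list(pcap):
    """Rows of (number, seconds since first packet, source, destination, protocol, info)."""
    rows, off, number, t0 = [], 24, 0, None
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        number, off = number + 1, off + 16 + caplen
        t0 = sec + usec / 1e6 if t0 is None else t0
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # this sketch decodes IPv4/TCP over Ethernet only
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]   # skip the IP header (IHL words)
        sport, dport = struct.unpack_from("!HH", tcp)
        data = tcp[(tcp[12] >> 4) * 4:]             # skip the TCP header (data offset)
        if data.startswith(METHODS) or data.startswith(b"HTTP/"):
            proto, info = "HTTP", data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        else:
            proto, info = "TCP", f"{sport} -> {dport} Len={len(data)}"
        rows.append((number, sec + usec / 1e6 - t0, socket.inet_ntoa(frame[26:30]),
                     socket.inet_ntoa(frame[30:34]), proto, info))
    return rows

def http_requests(rows):
    """Rough stand-in for the http.request display filter: HTTP rows that are not responses."""
    return [r for r in rows if r[4] == "HTTP" and not r[5].startswith("HTTP/")]

C, S = "192.0.2.10", "198.51.100.7"  # constructed client/server, documentation addresses
SAMPLE = build_pcap([build_frame(C, S, 50000, 80, b""),
                     build_frame(C, S, 50000, 80, b"GET /login?user=alice HTTP/1.1\r\n\r\n"),
                     build_frame(S, C, 80, 50000, b"HTTP/1.1 200 OK\r\n\r\n")])
print(http_requests(packet_list(SAMPLE)))
```

The request line, including the user name in the query string, comes straight out of the captured bytes, which is why plaintext HTTP shows up readable in the Info column and in "Follow TCP Stream".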

Did you catch a lot of packets today using Wireshark? Tell me about it in the comments or email me with your thoughts. And be sure to check out our sister show, Hak5, for more great stuff just like this. I'll be there, reminding you to trust your technolust.




  • Michael Mooring 2 years ago

    How to install Wireshark on Ubuntu: Simple !

    For those using Ubuntu like Snubs is in this HakTip. 8)

  • Edward Allen 10 months ago

    Windows 7 64, where do I go to download WIRESHARK


  • This is the most comprehensive paragraph about HakTip 64 – How to Capture Packets with Wireshark.
