Wireshark is a network protocol analyzer started by Gerald Combs in 1998 and developed with contributions from hundreds of volunteers around the world. It captures traffic from a network interface, wired or wireless, and gives you a complete, microscopic view of every packet as it leaves and enters that interface. Today the software is used by many commercial companies, INGOs and government agencies to capture and analyze traffic.
A few of Wireshark's features:
- Live traffic capture and inspection of protocols across all seven OSI layers.
- Runs on Windows, Linux, macOS, Solaris and many more platforms.
- Output can be exported to XML, CSV or plain text.
To download Wireshark, follow the link below and click the download link:
https://www.wireshark.org/download.html
Choose the download that matches your operating system and version.
1. Once installed, open Wireshark and double-click the network interface on which you would like to capture traffic.
2. Wireshark starts capturing traffic on that interface and lists every packet with its source, destination, protocol name, length and info columns.
To stop capturing, click the square Stop button; to start capturing again, click the Wireshark (shark fin) icon next to it, highlighted below:
3. To filter the captured traffic, type a display filter expression into the "Filter" bar shown below.
You can use the following sample filters (field and protocol names are case-sensitive and lowercase, so write tcp, not Tcp):
ip.addr == 192.168.39.252 [filters all traffic where the source or destination IP address is 192.168.39.252]
tcp [filters all TCP traffic]
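The two sample filters above rely on semantics that are easy to get wrong: ip.addr matches a packet when either the source or the destination address equals the value, a bare protocol name matches any packet whose protocol stack contains it, and names are case-sensitive. The following added example (not Wireshark's own code) is a small evaluator for that subset of the display-filter syntax, run over a constructed packet list instead of a live capture. It goes beyond the two filters on the page by also handling ==, !=, !, &&, || and parentheses, which is how the same filters combine in the Filter bar.

```python
"""Minimal evaluator for a subset of Wireshark display-filter syntax.

Added example, not Wireshark's code. It models how filters such as
`ip.addr == 192.168.39.252` and `tcp` select packets. Supported syntax:
bare protocol names, `field == value`, `field != value`, `!`, `&&`, `||`
and parentheses. Packet records below are constructed sample data shaped
like the columns Wireshark shows in its packet list.
"""
import re
from typing import Dict, List

# Constructed sample packets (not a real capture).
SAMPLE_PACKETS: List[Dict[str, str]] = [
    {"no": "1", "ip.src": "192.168.39.10", "ip.dst": "192.168.39.252", "protocols": "eth:ip:tcp", "tcp.dstport": "443"},
    {"no": "2", "ip.src": "192.168.39.252", "ip.dst": "192.168.39.10", "protocols": "eth:ip:tcp", "tcp.srcport": "443"},
    {"no": "3", "ip.src": "192.168.39.10", "ip.dst": "8.8.8.8", "protocols": "eth:ip:udp:dns", "udp.dstport": "53"},
    {"no": "4", "protocols": "eth:arp"},
    {"no": "5", "ip.src": "10.0.0.5", "ip.dst": "192.168.39.252", "protocols": "eth:ip:udp", "udp.dstport": "161"},
]

# Wireshark "combined" fields: a match on either member counts.
COMBINED_FIELDS = {
    "ip.addr": ("ip.src", "ip.dst"),
    "tcp.port": ("tcp.srcport", "tcp.dstport"),
    "udp.port": ("udp.srcport", "udp.dstport"),
}

TOKEN_RE = re.compile(r"\s*(==|!=|&&|\|\||[()!]|[A-Za-z0-9_.:-]+)")


def tokenize(expr: str) -> List[str]:
    """Split a filter expression into operators, names and values."""
    expr = expr.strip()
    tokens, pos = [], 0
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m:
            raise ValueError(f"bad filter syntax near: {expr[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class Parser:
    """Recursive-descent parser; precedence (low to high): ||, &&, !, atoms."""

    def __init__(self, tokens: List[str]):
        self.tokens, self.i = tokens, 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def parse_or(self):
        node = self.parse_and()
        while self.peek() == "||":
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_not()
        while self.peek() == "&&":
            self.take()
            node = ("and", node, self.parse_not())
        return node

    def parse_not(self):
        if self.peek() == "!":
            self.take()
            return ("not", self.parse_not())
        return self.parse_atom()

    def parse_atom(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok is None or tok in ("==", "!=", "&&", "||", ")"):
            raise ValueError(f"unexpected token {tok!r}")
        if self.peek() in ("==", "!="):
            op, value = self.take(), self.take()
            if value is None:
                raise ValueError("missing comparison value")
            return (op, tok, value)
        return ("proto", tok)  # bare name such as `tcp` or `dns`


def field_values(pkt: Dict[str, str], name: str) -> List[str]:
    """All values a field takes in a packet (ip.addr yields src and dst)."""
    return [pkt[n] for n in COMBINED_FIELDS.get(name, (name,)) if n in pkt]


def evaluate(node, pkt: Dict[str, str]) -> bool:
    kind = node[0]
    if kind == "proto":  # case-sensitive: "Tcp" never matches "tcp"
        return node[1] in pkt.get("protocols", "").split(":")
    if kind == "==":  # true if ANY occurrence of the field equals the value
        return node[2] in field_values(pkt, node[1])
    if kind == "!=":  # Wireshark 3.6+ defines `a != b` as `!(a == b)`
        return node[2] not in field_values(pkt, node[1])
    if kind == "not":
        return not evaluate(node[1], pkt)
    if kind == "and":
        return evaluate(node[1], pkt) and evaluate(node[2], pkt)
    return evaluate(node[1], pkt) or evaluate(node[2], pkt)  # "or"


def apply_filter(expr: str, packets: List[Dict[str, str]] = SAMPLE_PACKETS) -> List[str]:
    """Return the packet numbers selected by a display-filter expression."""
    tree = Parser(tokenize(expr)).parse()
    return [pkt["no"] for pkt in packets if evaluate(tree, pkt)]


if __name__ == "__main__":
    for f in ("ip.addr == 192.168.39.252", "tcp", "ip.src == 192.168.39.252",
              "ip.addr == 192.168.39.252 && !tcp", "dns || arp", "Tcp"):
        print(f"{f:40} -> packets {apply_filter(f)}")
```

Comparing ip.addr == 192.168.39.252 with ip.src == 192.168.39.252 on the sample data shows why the page's wording says "source or destination": the first selects packets 1, 2 and 5, the second only packet 2. The misspelled Tcp selects nothing here; Wireshark itself rejects it as neither a field nor a protocol name.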
For a complete Wireshark cheat sheet, follow the link below:
Wireshark Cheat Sheet – Commands, Captures, Filters & Shortcuts