How to Use Wireshark?

Wireshark is the most popular tool in order to capture network packets for different network protocols and different network interface types. The Wireshark project started with the name Etheral providing very basic features. With the help of the community and developers, it became a very professional tool for network administrators and pen-testers. In this tutorial, we provide information on how to use Wireshark from installation to start and using different features like packet information, capture filters, display filters, command-line interface, etc.

Install Wireshark for Windows

Windows Wireshark installation is very easy whereas Windows installers are provided via Wireshark’s official web portal. Just select the required version you want to use. 32-bit and 64-bit versions of the Wireshark installers are provided as well as the Windows Portable version.

Wireshark Windows

Install Wireshark For Linux

Install Wireshark for Ubuntu, Mint, Debian

The following apt command can be used to install Wireshark for Ubuntu, Mint, and Debian.

$ sudo apt install wireshark

During the installation following question is asked in order to capture packets for the regular users. Just answer as Yes .

Install Wireshark for Fedora, CentOS, RHEL

For the Fedora, CentOS, and RHEL following command can be used to install Wireshark.

$ sudo dnf install wireshark

Start Wireshark

Wireshark can be started in different ways. For Linux distributions from the menu type wireshark .

The Wireshark can be also installed via the command-line interface using the Wireshark command like below.

$ wireshark

Select Network Interface To Capture Packets

After the Wireshark is opened the following screen is displayed which lists network interfaces to capture. Just select the interface we want to capture and click on the shark icon.

Wireshark UI

Wireshark provides a very useful UI and it should be because there is a lot of network information that should be displayed on a single screen. By default, Wireshark UI consist of 3 panes called Packet List , Packet Details and Packet Bytes .

Wireshark UI

Packet Information

Wireshark provides all information about the captured packets. There are different network layers like ethernet (L2), IP (L3), TCP/UDP(L4), etc., and all this information is displayed in a human-readable format with extra information in different sections with related layers.

Display Filters

Display captures can be filtered by using the Display Filters . There are a lot of different display filters which can be used for different cases. In the following example we only display the UDP packets.

Display Filters
Display FilterDescription
tcpOnly TCP Packets
udpOnly UDP Packets
ip.addr == Address
ipv6.addr == 2001:db8::1IPv6 Address
tcp.port == 80TCP Port
udp.port == 80UDP Port
tcp.port == 80 || udp.port == 80Mulitple Ports

Leave a Comment