Wireshark Starter
Wireshark Starter
Wireshark Starter
Objective: The objective of this worksheet is to provide a quick jump start on Wireshark to
capture communication protocol packets. It can be skipped, if the audience is already
familiar with it.
Platform: The content shown below is taken from Wireshark 1.12.6 running on Windows-
8.1 operating system. This is expected to be similar or with minimum differences across
different operating systems and Wireshark software releases.
Wireshark Introduction: Wireshark is a free and open-source packet analyzer. It is used for
network troubleshooting, analysis, software and communications protocol development,
and education. It was originally named Ethereal but in 2006 renamed to Wireshark because
of few trademark issues. It is available for many operating systems and support different
communication protocols. No deep Wireshark understanding is required for basic packets
capturing but some starter information can be gained from many available on line resources
like:
https://www.wireshark.org/docs/wsug_html_chunked/
https://www.concise-courses.com/security/wireshark-basics/
Download Wireshark: Download a stable release for Wireshark for your operating system
from https://www.wireshark.org/download.html and install it. A shortcut (blue shark fin) on
your desktop would be also installed as shown below. This shortcut icon can be used to run
the Wireshark. Wireshark is Open Source Software released under the GNU General Public
License.
Running Wireshark: The fundamental steps to capture packets through the Wireshark are
as follows:
(1) Select the interface on your PC/Laptop from where the packets are being
generated/received.
BITS Pilani Work Integrated Learning Programme (WILP)
Page 1 of 3, Rev-1.0
Course - Network Security (SSZG513)
Topic - Wireshark Starter Worksheet
Author and Instructor - Vineet Garg
On running the Wireshark a screen will displayed as shown below with the available list of
interfaces on your machine on the top left had side. Below that there will be a green start
button indicating the start of a capture. One can select the interface from the Interface List
or the list available below Start button. Once selected, the Green start button can be
pressed to start the capture.
Once the capturing is started, the screen will look like as shown below. The capturing can be
stopped pressing the red square button below the menu bar.
Right clicking on any filed header, the configuration of above fields can be changed. E.g. unit
of time, display format, toggling of a column, sorting on the basis of a column etc.
Also notice display filter below that can be used as display filter to see only the packets of
interest like ssl, tcp, snmp etc. The details of permitted filters is provided at -
https://wiki.wireshark.org/DisplayFilters
If we type ssl in the filter, only the ssl packets will be shown by the display screen from the
capture. The objective of filter is to help in focusing the protocol of interest only masking
the other protocols off from being displayed.
The captured file can be saved from File menu option with .pcap extension for a later offline
analysis or to compare the results.