www.howtogeek.com
151.101.130.49  Public Scan

URL: https://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/
Submission: On July 27 via manual from US — Scanned from DE

Form analysis 5 forms found in the DOM

GET /search/

<form class="searchform" action="/search/" method="get">
  <input type="text" name="q" value="" placeholder="Enter search term" aria-label="Enter Search Term">
  <input type="submit" value="Go">
</form>

GET /search/

<form class="searchform" action="/search/" method="get">
  <input type="text" name="q" value="" placeholder="Enter search term" aria-label="Enter Search Term">
  <input type="submit" value="Go">
</form>

POST /em/subscribe

<form action="/em/subscribe" method="post">
  <input aria-hidden="true" tabindex="-1" type="hidden" name="postid" value="104278">
  <input aria-hidden="true" tabindex="-1" type="hidden" name="list" value="weekday">
  <input aria-hidden="true" tabindex="-1" type="hidden" name="tr" value="howtogeek-subscribemenu">
  <input aria-hidden="true" tabindex="-1" type="hidden" name="moka-pagerefer" value="">
  <input aria-label="Enter Your Email" aria-required="true" aria-invalid="false" onkeypress="validateAriaEmail(this)" type="text" name="email" class="ftemtxt" placeholder="Your email">
  <input aria-label="Go" type="submit" class="ftemsub" value="Go">
</form>

POST /emv2/post

<form method="POST" action="/emv2/post">
  <input aria-hidden="true" name="a" type="hidden" value="htgdefaultinline">
  <input aria-hidden="true" type="hidden" name="moka-pagerefer" value="">
  <input aria-hidden="true" type="hidden" name="postid" value="104278">
  <input aria-hidden="true" name="emailaddress" style="display: none;" tabindex="-1" type="email">
  <input name="e" aria-label="Email Address" type="text" placeholder="e-mail address">
  <button type="submit">Sign Me Up!</button>
</form>

POST https://www.howtogeek.com/em/subscribe

<form action="https://www.howtogeek.com/em/subscribe" method="post">
  <input aria-hidden="true" tabindex="-1" type="hidden" name="postid" value="104278">
  <input aria-hidden="true" tabindex="-1" type="hidden" name="list" value="weekday">
  <input aria-hidden="true" tabindex="-1" type="hidden" name="tr" value="howtogeek-footer">
  <input aria-hidden="true" tabindex="-1" type="hidden" name="moka-pagerefer" value="">
  <input aria-label="Enter Your Email" aria-required="true" aria-invalid="false" onkeypress="validateAriaEmail(this)" type="text" name="email" class="ftemtxt" placeholder="Enter Your Email">
  <input aria-label="Sign Up" type="submit" class="ftemsub" value="Sign Up">
</form>

Text Content


HOW TO USE WIRESHARK TO CAPTURE, FILTER AND INSPECT PACKETS

Chris Hoffman
Editor-in-Chief


Chris Hoffman is Editor-in-Chief of How-To Geek. He's written about technology
for over a decade and was a PCWorld columnist for two years. Chris has written
for The New York Times and Reader's Digest, been interviewed as a technology
expert on TV stations like Miami's NBC 6, and had his work covered by news
outlets like the BBC. Since 2011, Chris has written over 2,000 articles that
have been read nearly one billion times, and that's just here at How-To Geek.

Jun 14, 2017, 10:24 am EDT | 3 min read

Wireshark, a network analysis tool formerly known as Ethereal, captures packets
in real time and displays them in human-readable format. Wireshark includes
filters, color coding, and other features that let you dig deep into network
traffic and inspect individual packets.

This tutorial will get you up to speed with the basics of capturing packets,
filtering them, and inspecting them. You can use Wireshark to inspect a
suspicious program’s network traffic, analyze the traffic flow on your network,
or troubleshoot network problems.

 



GETTING WIRESHARK

You can download Wireshark for Windows or macOS from its official website. If
you’re using Linux or another UNIX-like system, you’ll probably find Wireshark
in its package repositories. For example, if you’re using Ubuntu, you’ll find
Wireshark in the Ubuntu Software Center.



Just a quick warning: Many organizations don’t allow Wireshark and similar tools
on their networks. Don’t use this tool at work unless you have permission.


CAPTURING PACKETS

After downloading and installing Wireshark, you can launch it and double-click
the name of a network interface under Capture to start capturing packets on that
interface. For example, if you want to capture traffic on your wireless network,
click your wireless interface. You can configure advanced features by clicking
Capture > Options, but this isn’t necessary for now.



As soon as you click the interface’s name, you’ll see the packets start to
appear in real time. Wireshark captures each packet sent to or from your system.

If you have promiscuous mode enabled—it’s enabled by default—you’ll also see all
the other packets on the network instead of only packets addressed to your
network adapter. To check if promiscuous mode is enabled, click Capture >
Options and verify the “Enable promiscuous mode on all interfaces” checkbox is
activated at the bottom of this window.





Click the red “Stop” button near the top left corner of the window when you want
to stop capturing traffic.




COLOR CODING

You’ll probably see packets highlighted in a variety of different colors.
Wireshark uses colors to help you identify the types of traffic at a glance. By
default, light purple is TCP traffic, light blue is UDP traffic, and black
identifies packets with errors—for example, they could have been delivered out
of order.

To view exactly what the color codes mean, click View > Coloring Rules. You can
also customize and modify the coloring rules from here, if you like.




SAMPLE CAPTURES

If there’s nothing interesting on your own network to inspect, Wireshark’s wiki
has you covered. The wiki contains a page of sample capture files that you can
load and inspect. Click File > Open in Wireshark and browse for your downloaded
file to open one.




You can also save your own captures in Wireshark and open them later. Click File
> Save to save your captured packets.




FILTERING PACKETS

If you’re trying to inspect something specific, such as the traffic a program
sends when phoning home, it helps to close down all other applications using the
network so you can narrow down the traffic. Still, you’ll likely have a large
number of packets to sift through. That’s where Wireshark’s filters come in.

The most basic way to apply a filter is by typing it into the filter box at the
top of the window and clicking Apply (or pressing Enter). For example, type
“dns” and you’ll see only DNS packets. When you start typing, Wireshark will
help you autocomplete your filter.



You can also click Analyze > Display Filters to choose a filter from among the
default filters included in Wireshark. From here, you can add your own custom
filters and save them to easily access them in the future.



For more information on Wireshark’s display filtering language, read
the Building display filter expressions page in the official Wireshark
documentation.



Another interesting thing you can do is right-click a packet and select Follow >
TCP Stream.

You’ll see the full TCP conversation between the client and the server. You can
also click other protocols in the Follow menu to see the full conversations for
other protocols, if applicable.



Close the window and you’ll find a filter has been applied automatically.
Wireshark is showing you the packets that make up the conversation.




INSPECTING PACKETS

Click a packet to select it and you can dig down to view its details.





You can also create filters from here — just right-click one of the details and
use the Apply as Filter submenu to create a filter based on it.



--------------------------------------------------------------------------------

Wireshark is an extremely powerful tool, and this tutorial is just scratching
the surface of what you can do with it. Professionals use it to debug network
protocol implementations, examine security problems and inspect network protocol
internals.

You can find more detailed information in the official Wireshark User’s
Guide and the other documentation pages on Wireshark’s website.

© 2022 LifeSavvy Media. All Rights Reserved


