Download and install Wireshark
Wireshark can be downloaded at no cost from the Wireshark Foundation website for both macOS and Windows. The download page lists the latest stable release and the current development release; unless you are an advanced user, download the stable release. During setup on Windows you will be prompted to install Npcap (WinPcap in older installers), the packet capture library Wireshark needs in order to capture live data.
Wireshark is also available for Linux and most other UNIX-like operating systems, including Red Hat, Solaris and FreeBSD. Binary packages for these systems are listed in the Third-Party Packages section at the bottom of the download page.
How to capture the data packet in Wireshark
When you launch Wireshark for the first time, you will see a welcome screen like the one shown above, listing the network interfaces available on your device. In this example the following interfaces appear: Bluetooth, Ethernet, VirtualBox and Wi-Fi. To the right of each interface is an EKG-like sparkline showing live traffic on that interface.
To start capturing packets, first click an interface; to capture on several interfaces at once, select them while holding Shift or Ctrl. A selected interface is highlighted in blue or gray. Then click Capture in the main menu at the top of the Wireshark window and choose Start from the drop-down. You can also start a capture with one of the following shortcuts:
- Keyboard : Press Ctrl + E
- Mouse : Double click on the network to start capturing packets.
- Toolbar : Click the blue shark fin button on the left side of the Wireshark toolbar.
During a live capture, packets are listed in the Wireshark window, with their details, as they are captured. To stop the capture, do one of the following:
- Keyboard : Press Ctrl + E
- Toolbar : Click the red square stop button next to the shark fin button in the Wireshark toolbar.
View and analyze packet contents in Wireshark
Now that you have captured some network data, it is time to look at the captured packets. As shown in the image above, the capture interface has three main panes: the packet list, the packet details and the packet bytes.
Packet List
The packet list pane at the top of the window shows every packet in the active capture file. Each packet has its own row with a sequential number and the following columns:
- Time : When the packet was captured. The default format is the number of seconds since the first packet in the capture file. To change this to something more useful, such as the actual time of day, choose Time Display Format from the View menu above the main interface.
- Source : The address (IP or other) the packet was sent from.
- Destination : The address the packet is being sent to.
- Protocol : The name of the packet's protocol (e.g. TCP).
- Length : The length of the packet in bytes.
- Info : Additional details about the packet. What appears here depends on the packet's contents.
When a packet is selected in the top pane, one or more symbols may appear in the first column. Open or closed brackets and a straight horizontal line indicate that a packet, or a group of packets, belongs to the same back-and-forth conversation on the network. A broken horizontal line indicates that a packet is not part of one of these conversations.
Packet Details
The details pane in the middle shows the protocols and protocol fields of the selected packet as a collapsible tree. Besides expanding each item, you can apply a display filter based on a specific field, and follow a whole data stream by protocol type (for example, Follow TCP Stream), through the context menu that appears when you right-click an item in this pane.
Packet Bytes
The packet bytes pane at the bottom shows the raw data of the selected packet as a hex dump: each line holds 16 bytes in hexadecimal, with the same 16 bytes as ASCII alongside. Selecting part of this data automatically highlights the corresponding field in the packet details pane, and vice versa. Bytes that are not printable are shown as a period. You can show this data as bits instead of hexadecimal by right-clicking anywhere in the pane and choosing the corresponding option from the context menu.
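To make the packet list columns and the packet bytes pane concrete, here is an added example (not code from the original article or from the Wireshark project) that builds two small Ethernet/IPv4 frames, writes them out as a classic libpcap file you can open in Wireshark, derives the No./Time/Source/Destination/Protocol/Length/Info columns the packet list shows for them, and renders the first frame in the same 16-byte hex-plus-ASCII layout as the packet bytes pane. The MAC and IP addresses, ports, timestamps and payloads are constructed for the example; the pcap layout (magic 0xa1b2c3d4, link type 1 = Ethernet) is the real file format.

```python
"""Added example: a two-packet capture, its packet-list columns and a Wireshark-style hex dump.
All addresses, ports and payloads are constructed sample data."""
import struct
import string

PCAP_MAGIC = 0xA1B2C3D4            # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
PROTO_TCP, PROTO_UDP = 6, 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the 20-byte IPv4 header (0 means 'verifies')."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip, dst_ip, proto, sport, dport, payload: bytes) -> bytes:
    """Ethernet II / IPv4 / (TCP|UDP) frame. MACs are made-up locally administered addresses."""
    src_mac, dst_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    if proto == PROTO_TCP:
        # sport, dport, seq, ack, data offset 5 (20 bytes), flags PSH|ACK, window, cksum 0, urg 0
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP cksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in header checksum
    return dst_mac + src_mac + b"\x08\x00" + ip + l4


def pcap_bytes(frames) -> bytes:
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for ts, frame in frames:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return bytes(out)


def packet_list_rows(frames):
    """(No., Time, Source, Destination, Protocol, Length, Info) as the packet list shows them.
    Time is seconds since the first packet in the file, Wireshark's default display format."""
    rows, t0 = [], frames[0][0]
    for no, (ts, frame) in enumerate(frames, start=1):
        ip = frame[14:34]                                   # IPv4 header follows 14-byte Ethernet header
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        sport, dport = struct.unpack("!HH", frame[34:38])  # first two fields of both TCP and UDP
        name = {PROTO_TCP: "TCP", PROTO_UDP: "UDP"}.get(ip[9], str(ip[9]))
        rows.append((no, round(ts - t0, 6), src, dst, name, len(frame), f"{sport} -> {dport}"))
    return rows


def hex_dump(data: bytes) -> str:
    """Packet bytes pane layout: offset, 16 hex bytes, 16 ASCII chars, non-printables as '.'."""
    printable = set(string.ascii_letters + string.digits + string.punctuation + " ")
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(47)
        asc = "".join(chr(b) if chr(b) in printable else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart}  {asc}")
    return "\n".join(lines)


# Constructed sample capture: an HTTP request, then a DNS query 0.25 s later.
SAMPLE_FRAMES = [
    (1700000000.00, build_frame("10.0.0.5", "93.184.216.34", PROTO_TCP, 51234, 80,
                                b"GET / HTTP/1.1\r\nHost: example\r\n\r\n")),
    (1700000000.25, build_frame("10.0.0.5", "10.0.0.1", PROTO_UDP, 40000, 53,
                                b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00")),
]

if __name__ == "__main__":
    with open("sample.pcap", "wb") as f:   # open this file in Wireshark to compare
        f.write(pcap_bytes(SAMPLE_FRAMES))
    for row in packet_list_rows(SAMPLE_FRAMES):
        print(row)
    print(hex_dump(SAMPLE_FRAMES[0][1]))
```

Opening the generated sample.pcap in Wireshark shows the same Source, Destination, Protocol and Length values, a Time column of 0.000000 and 0.250000, and the hex dump of frame 1 beginning with the two MAC addresses, the 0x0800 EtherType and the 0x45 version/IHL byte (the one printable 'E' in the first line). The TCP checksum is left at zero here, which Wireshark ignores unless checksum validation is enabled in the TCP protocol preferences.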
Use Wireshark Filters
One of the most important features of Wireshark is its filtering capability, especially when you are dealing with large capture files. Capture filters can be set before a capture starts so that Wireshark records only the packets that meet your criteria.
Filters can also be applied to an existing capture file to show only certain packets; these are called display filters. Wireshark ships with a large number of predefined filters, which let you narrow down the visible packets with a few keystrokes or mouse clicks. To use one of them, type its name in the 'Apply a display filter' field (below the Wireshark toolbar) or the 'Enter a capture filter' field (on the welcome screen).
There are several ways to do this. If you know the filter name, simply type it in the appropriate field; for example, to display only TCP packets, type tcp (filter names are lowercase). Wireshark's autocomplete shows suggested names as you type, so it is easy to find the correct name for the filter you want. Another way is to click the bookmark-like icon on the left of the entry field. This opens a menu of commonly used filters along with options to manage capture filters or manage display filters; choosing either opens a dialog where you can add, remove or edit filters.
You can also recall previously used filters by clicking the down arrow at the right of the entry field, which opens a drop-down list. Once set, a capture filter takes effect as soon as the capture starts; a display filter, however, is applied only when you press Enter or click the right arrow at the right of the entry field.
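Capture filters and display filters use different languages: capture filters use the BPF syntax of the capture library (for example, tcp port 80), while display filters name dissected fields (tcp.port == 80). The part of display-filter semantics that most often surprises people is that a field name such as ip.addr or tcp.port stands for every occurrence of that field in a packet, so ip.addr == X matches traffic in both directions, while ip.src == X matches one direction only. The following added example (not code from the original article or from Wireshark itself) is a small evaluator for a subset of display-filter syntax (==, !=, &&, ||, !, parentheses and bare field-presence tests) run over constructed field tables laid out the way the dissector exposes them; the packet names and addresses are sample data. The != branch implements the 'all values differ' reading used by current Wireshark releases; earlier releases (before 3.6) read ip.addr != X as 'any value differs', which is why !(ip.addr == X) has always been the unambiguous way to exclude a host.

```python
"""Added example: a tiny display-filter evaluator over constructed field tables.
It implements only the subset of Wireshark's filter language listed in the lead-in."""
import re

TOKEN = re.compile(r"\s*(\(|\)|&&|\|\||==|!=|!|[A-Za-z0-9_.:]+)")


def tokenize(text):
    """Split a filter into tokens; '!=' must be tried before '!' so '!=' is one token."""
    text, pos, out = text.strip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad filter near {text[pos:]!r}")
        out.append(m.group(1))
        pos = m.end()
    return out


class DisplayFilter:
    """Recursive-descent parser; precedence (lowest to highest): ||, &&, !, comparison."""

    def __init__(self, text):
        self.toks, self.i = tokenize(text), 0
        self.ast = self._or()
        if self.i != len(self.toks):
            raise ValueError("unexpected trailing tokens")

    def _peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def _next(self):
        tok = self.toks[self.i]
        self.i += 1
        return tok

    def _or(self):
        node = self._and()
        while self._peek() == "||":
            self._next()
            node = ("or", node, self._and())
        return node

    def _and(self):
        node = self._not()
        while self._peek() == "&&":
            self._next()
            node = ("and", node, self._not())
        return node

    def _not(self):
        if self._peek() == "!":
            self._next()
            return ("not", self._not())
        return self._atom()

    def _atom(self):
        tok = self._next()
        if tok == "(":
            node = self._or()
            if self._next() != ")":
                raise ValueError("expected ')'")
            return node
        if self._peek() in ("==", "!="):
            return (self._next(), tok, self._next())   # (op, field, value)
        return ("present", tok)                         # bare field name, e.g. 'dns'

    def matches(self, fields):
        return self._eval(self.ast, fields)

    def _eval(self, node, fields):
        kind = node[0]
        if kind == "or":
            return self._eval(node[1], fields) or self._eval(node[2], fields)
        if kind == "and":
            return self._eval(node[1], fields) and self._eval(node[2], fields)
        if kind == "not":
            return not self._eval(node[1], fields)
        values = fields.get(node[1], [])
        if kind == "present":
            return bool(values)
        if kind == "==":                # true if ANY occurrence of the field equals the value
            return any(v == node[2] for v in values)
        # "!=": field present and ALL occurrences differ (Wireshark 3.6+ semantics; older
        # releases treated it as 'any occurrence differs', matching almost everything)
        return bool(values) and all(v != node[2] for v in values)


def ip_fields(src, dst, proto, sport, dport, *layers):
    """Field table as the dissector exposes it: ip.addr and <proto>.port hold both endpoints."""
    table = {"ip.src": [src], "ip.dst": [dst], "ip.addr": [src, dst],
             f"{proto}.srcport": [sport], f"{proto}.dstport": [dport], f"{proto}.port": [sport, dport]}
    for layer in (proto, *layers):
        table[layer] = ["present"]
    return table


# Constructed packets: an HTTP request and reply, a DNS query, and an ARP request (no IP layer).
PACKETS = {
    "http-request": ip_fields("10.0.0.5", "93.184.216.34", "tcp", "51234", "80", "http"),
    "http-reply":   ip_fields("93.184.216.34", "10.0.0.5", "tcp", "80", "51234", "http"),
    "dns-query":    ip_fields("10.0.0.5", "10.0.0.1", "udp", "40000", "53", "dns"),
    "arp-request":  {"arp": ["present"]},
}


def select(filter_text, packets=PACKETS):
    """Names of the packets a display filter would leave visible in the packet list."""
    flt = DisplayFilter(filter_text)
    return [name for name, fields in packets.items() if flt.matches(fields)]


if __name__ == "__main__":
    for expr in ("tcp.port == 80", "tcp.dstport == 80", "ip.addr == 10.0.0.5",
                 "!(ip.addr == 10.0.0.5)", "ip.addr != 10.0.0.5", "ip.src == 10.0.0.5 && !dns"):
        print(f"{expr:28} -> {select(expr)}")
```

Run against the sample packets, tcp.port == 80 selects the request and the reply while tcp.dstport == 80 selects only the request, and !(ip.addr == 10.0.0.5) is the only form that leaves the non-IP ARP packet visible, since a comparison on a field the packet does not carry never matches.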
While capture and display filters let you restrict which packets are captured or displayed, Wireshark's packet colorization goes one step further by giving different kinds of packet their own colors. This makes it easy to spot particular packets in a saved capture at a glance, by the color of their row in the packet list.
Wireshark comes with about 20 default coloring rules, each of which can be edited, disabled or deleted as you see fit. You can also add your own rules, based on display filters, through the Coloring Rules dialog, accessible from the View menu. Besides a name and filter criteria for each rule, you are asked to choose a background color and a foreground (text) color. Packet colorization can be switched on and off with the Colorize Packet List option in the View menu.
In addition to the detailed network data shown in the main Wireshark window, several other useful metrics are available from the Statistics drop-down menu at the top of the window. These include size and timing information for the capture file, along with dozens of charts ranging from packet conversation breakdowns to the distribution of HTTP requests. Display filters can be applied to many of these statistics through their individual dialogs, and the results can be exported to several common file formats, including CSV, XML and TXT.
Although we have covered most of Wireshark's basic capabilities in this article, this powerful tool has many additional features aimed at advanced users, including the ability to write your own protocol dissectors in the Lua programming language.