Scribd
Upload
7 views

wireshark

Wireshark is a network protocol analyzer that captures and analyzes network traffic, providing insights into data flows and troubleshooting. It decodes various network protocols such as TCP, UDP, IP, and HTTP, and allows users to capture traffic from specific devices or entire networks. Additionally, it features a command-line tool called Tshark for capturing and analyzing packets in a terminal.

Uploaded by

Mafnitha KK
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
7 views

wireshark

Wireshark is a network protocol analyzer that captures and analyzes network traffic, providing insights into data flows and troubleshooting. It decodes various network protocols such as TCP, UDP, IP, and HTTP, and allows users to capture traffic from specific devices or entire networks. Additionally, it features a command-line tool called Tshark for capturing and analyzing packets in a terminal.

Uploaded by

Mafnitha KK
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 7

Introduction to

Wireshark
Wireshark is a powerful network protocol analyzer used to capture and
analyze network traffic. It provides insights into network activities, helping
you understand data flows and troubleshoot problems.
Understanding Network Protoc
Network protocols define communication rules between devices. Wireshark decodes and
displays these protocols, revealing the structure and content of network packets.

1 TCP 2 UDP
Transmission Control Protocol is a User Datagram Protocol is an
reliable connection-oriented unreliable connectionless protocol
protocol used for web browsing used for streaming media and
and email. DNS requests.

3 IP 4 HTTP
Internet Protocol is the Hypertext Transfer Protocol is
foundational protocol responsible used for retrieving web pages and
for addressing and routing data other web resources.
packets across the network.
Capturing Network Traffic
Wireshark captures network traffic by listening to network interfaces. You can
capture traffic from specific devices or the entire network.

1 Interface Selection
Choose the network interface you want to capture traffic from.

2 Capture Start
Begin capturing packets by clicking the "Start" button in
Wireshark.

3 Traffic Capture
Wireshark captures and displays network packets in real-time.
Analyzing Packet Data
Wireshark dissects captured packets to reveal their contents, displaying
information about the source and destination, protocol, and data.

Packet Summary Provides a concise overview


of the packet.

Packet Details Shows the detailed breakdown


of the packet's header and
payload.

Protocol Tree Visualizes the hierarchy of


protocols involved in the
packet.
. Command-Line Capture (Tshark):
- While Wireshark's primary interface is graphical, it includes a
command-line tool called Tshark for capturing packets in a terminal.
For example:
tshark -i eth0 -c 100
- `-i`
Specify the interface (e.g., eth0). - `-c`: Set the number of packets to
capture (e.g., 100).
Analyze Saved Capture Files (Tshark):
• - You can also analyze saved capture files using Tshark. For example:

tshark -r capture.pcap
• - `-r`: Specify the input capture file.
Protocol color
TCP Blue
UDP Red
HTTP Purple
IP Green

You might also like