Wireshark Detailed Guide

1. Installation

Ubuntu/Debian:

sudo apt update

sudo apt install wireshark

CentOS/RHEL:

sudo yum install wireshark

2. Basic Usage

Launch Wireshark:

wireshark

Start Capturing Packets:

Select an interface and click "Start capturing packets"

Stop Capturing Packets:

Click "Stop capturing packets"

3. Capture Options

Capture Filter:

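Enter a capture filter in the "Capture Options" dialog. Capture filters use libpcap (BPF) syntax, for example "tcp port 80", which is different from the display filter syntax in section 4.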

Promiscuous Mode:

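Enable promiscuous mode so the interface passes up every frame it receives, not only frames addressed to it. On a switched network this still shows only the traffic that reaches your port.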

4. Display Filters

Filter by Protocol:

http

Filter by IP Address:

ip.addr == 192.168.1.1

Filter by Port:

tcp.port == 80
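
Added example, not part of the original guide: ip.addr and tcp.port match in either direction (source or destination), which is why one filter shows both sides of a conversation. The Python sketch below builds a small constructed capture in classic pcap format, parses it, and applies the same semantics as "ip.addr == 192.168.1.1 && tcp.port == 80". All function names and the sample packets are hypothetical.

```python
import socket
import struct

def frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # MACs zeroed, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Classic pcap: 24-byte global header, then a 16-byte header per record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def parse(pcap):
    """Yield (src, dst, sport, dport) for every IPv4/TCP record."""
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                      # skip non-IPv4/TCP
        tcp_at = 14 + (pkt[14] & 0x0F) * 4                # honour the IP header length
        if len(pkt) < tcp_at + 4:
            continue                                      # truncated before the ports
        sport, dport = struct.unpack_from("!HH", pkt, tcp_at)
        yield socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34]), sport, dport

def ip_addr_eq(p, addr):
    return addr in p[:2]        # ip.addr == addr: source OR destination

def tcp_port_eq(p, port):
    return port in p[2:]        # tcp.port == port: source OR destination port

def apply_filter(pcap, addr, port):
    # Equivalent of the display filter: ip.addr == addr && tcp.port == port
    return [p for p in parse(pcap) if ip_addr_eq(p, addr) and tcp_port_eq(p, port)]

# Constructed sample capture: request, reply, and two near-misses.
SAMPLE = build_pcap([
    frame("192.168.1.1", "10.0.0.5", 51000, 80),
    frame("10.0.0.5", "192.168.1.1", 80, 51000),
    frame("192.168.1.1", "10.0.0.5", 51001, 443),
    frame("10.0.0.7", "10.0.0.5", 40000, 80),
])
```

apply_filter(SAMPLE, "192.168.1.1", 80) returns the request and the reply; the 443 connection and the unrelated host are dropped.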

5. Analyzing Packets

Packet Details:

Click on a packet to view its details

Follow Stream:

Right-click on a packet and select "Follow" -> "TCP Stream"

6. Saving and Exporting

Save Capture File:

File -> Save As...

Export Specific Packets:

File -> Export Specified Packets...

7. Advanced Features

Statistics:

Statistics -> Summary

Protocol Hierarchy:

Statistics -> Protocol Hierarchy

Conversations:

Statistics -> Conversations

8. Troubleshooting

Check Wireshark Version:

wireshark --version

Debugging Output (Wireshark 3.6 and later; -d is the "decode as" option, not a debug flag):

wireshark --log-level debug

Verbose Output (Wireshark 3.6 and later; -v prints the version and exits, the same as --version):

wireshark --log-level noisy

9. Community and Resources

Official Wireshark Documentation:
Wireshark Documentation

Wireshark Mailing List:
Wireshark Mailing List

Wireshark User Guide:
Wireshark User Guide