Wireshark is the world’s most popular network protocol analyzer. It captures and interactively analyzes network traffic, providing deep insights into network communications for troubleshooting and security analysis.
📑 Table of Contents
Key Features
- Deep Inspection: Analyze hundreds of protocols
- Live Capture: Real-time traffic analysis
- Rich Filters: Powerful display and capture filters
- Decrypt SSL/TLS: Analyze encrypted traffic
- Export Options: Save captures in multiple formats
Installation
Install Wireshark on Ubuntu:
sudo apt update
sudo apt install wireshark
sudo usermod -aG wireshark $USER
# Log out and back in for group changesUsage Examples
Common capture filters:
# Capture HTTP traffic
tcp port 80
# Capture traffic from specific host
host 192.168.1.100
# Capture DNS queries
udp port 53Display filters:
# Show HTTP requests
http.request
# Show TCP errors
tcp.analysis.flagsBenefits
Wireshark is essential for network troubleshooting and security analysis. Its comprehensive protocol support and intuitive interface make complex network analysis accessible.
Was this article helpful?