DOWNDLOAD

Unicorn Network Threat Analyzer

  • Capture network traffic
  • Troubleshoot Wired & Wireless Network
  • Analyze network threats
Read More…
Free Downlaod

Wireshark Software: The Ultimate Tool for Network Packet Analysis on Windows and Mac

AndyHuang

Contents hide
Filter Commands
Logical Commands
Color Coding:
Wireshark Software vs. Fiddler
Wireshark Software and the OSI Seven-Layer Model
Related posts:

Wireshark is a highly popular network packet analysis software known for its powerful features and open-source nature. This Wireshark software can capture various network packets and display detailed information about them, and is compatible with both Windows and Mac OS.

Filter Commands

  1. Filter source ip and destination ip. Enter the filter conditions in the filter rule box of wireshark. For example, to search for packets with a destination address of 192.168.101.8, ip.dst==192.168.101.8; to search for packets with a source address of ip.src==1.1.1.1; ip.addr == 202.34.12.3
  2. Port filtering. For example, to filter port 80, enter tcp.port ==80 in Filter . This rule will filter out both source and destination ports 80. Use tcp.dstport==80 to filter only the destination port 80, and tcp.srcport==80 to filter only the source port 80.
  3. Protocol filtering is relatively simple. Just enter the protocol name in the Filter box, such as filtering the HTTP protocol.
  4. http mode filtering. For example, to filter get packets, http.request.method==”GET”, to filter post packets, http.request.method==”POST”;
  5. Use of the connector and. When filtering two conditions, use and to connect, such as filtering the IP address 192.168.101.8 and the http protocol, ip.src==192.168.101.8 and http.

Logical Commands

Commands can be combined into new commands using logical operators such as && || !, etc.

Color Coding:

By this stage, you will see packets displayed in green, blue, and black. Wireshark uses colors to make the packets of various traffic types easy to distinguish. For example, by default, green represents TCP packets, dark blue represents DNS, light blue represents UDP, and black indicates problematic TCP packets—such as out-of-order packets.

Wireshark Software vs. Fiddler

Fiddler is a program that runs on Windows, specifically designed to capture HTTP and HTTPS.

Wireshark can capture HTTP and also HTTPS, but it cannot decrypt HTTPS, so Wireshark cannot understand the content within HTTPS.

In summary, if dealing with HTTP and HTTPS, it is still better to use Fiddler, but for other protocols like TCP and UDP, use Wireshark.

Wireshark Software and the OSI Seven-Layer Model

Wireshark software

001_1.png

Related posts:

  1. Analyze TCP Data Transmission Delay: Causes and Solutions
  2. VNC TCP Delay Analysis: Understanding Retransmissions and Zero Window Issues
  3. Troubleshoot Data transmission Delays with Wireshark: Causes and Solutions
  4. MySQL Ping Issue: An Ongoing Network Troubleshooting Mystery