Capture live network packets and analyze basic traffic types using Wireshark.
Wireshark (free and open-source packet analyzer)
sudo apt update
sudo apt install wireshark -y
ifconfig
ip a
- Open Wireshark
- Select the active network interface
- Start packet capture
- Generate traffic by browsing, pinging, SSH, etc.
DNS traffic: dns
HTTP traffic: http
TCP packets: tcp
UDP packets: udp
Filter by IP: ip.addr == 192.168.1.10
Filter by port: tcp.port == 443
Filter by TCP analysis flags (retransmissions, duplicate ACKs, zero window, etc.): tcp.analysis.flags
File → Save As → example.pcapng
- Identify top protocols in use (TCP, UDP, DNS, TLS, HTTP, ARP, etc.)
- View packet details and payloads
- Track client/server communication
- Review packet source/destination IPs
- Confirm connection-state and flags
- Check response codes and latency
- DNS queries resolve domain names
- TCP handshake: SYN → SYN/ACK → ACK
- HTTP traffic shows GET/POST requests
- ICMP traffic comes from ping tests
- TLS packets are encrypted, so no payload content is shown
File → Export Packet Dissections
Formats: CSV, JSON, TXT
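To show what the analysis steps above (top protocols, client/server conversations, handshake tracking, response codes, latency) look like once the packet list has been exported, here is an added example script that is not part of the original lab and is not Wireshark's own code. It reads a packet-list CSV in the shape Wireshark produces from File → Export Packet Dissections → As CSV (columns No., Time, Source, Destination, Protocol, Length, Info). The embedded CSV is constructed to look like such an export and is not a real capture; the function names and the regular expressions used to parse the Info column are the example's own assumptions.

```python
"""Summarise a Wireshark packet-list CSV export (constructed example, not a real capture)."""
import csv
import io
import re
from collections import Counter

# Constructed sample in Wireshark's default packet-list export layout.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.10","192.168.1.1","DNS","74","Standard query 0x1a2b A example.com"
"2","0.018500","192.168.1.1","192.168.1.10","DNS","90","Standard query response 0x1a2b A example.com A 93.184.216.34"
"3","0.020000","192.168.1.10","93.184.216.34","TCP","74","51234 → 80 [SYN] Seq=0 Win=64240 Len=0"
"4","0.045000","93.184.216.34","192.168.1.10","TCP","74","80 → 51234 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0"
"5","0.045100","192.168.1.10","93.184.216.34","TCP","66","51234 → 80 [ACK] Seq=1 Ack=1 Win=64256 Len=0"
"6","0.046000","192.168.1.10","93.184.216.34","HTTP","140","GET / HTTP/1.1"
"7","0.072000","93.184.216.34","192.168.1.10","HTTP","512","HTTP/1.1 200 OK  (text/html)"
"8","0.100000","192.168.1.10","192.168.1.1","ICMP","98","Echo (ping) request  id=0x0001, seq=1/256, ttl=64"
"9","0.101200","192.168.1.1","192.168.1.10","ICMP","98","Echo (ping) reply    id=0x0001, seq=1/256, ttl=64"
"10","0.200000","192.168.1.10","93.184.216.34","TCP","140","[TCP Retransmission] 51234 → 80 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=74"
'''

FLAGS_RE = re.compile(r"\[([A-Z]+(?:, [A-Z]+)*)\]")   # matches "[SYN]" or "[SYN, ACK]"
HTTP_STATUS_RE = re.compile(r"HTTP/1\.[01] (\d{3})")  # matches "HTTP/1.1 200 OK"
DNS_TXID_RE = re.compile(r"0x[0-9a-f]{4}")            # DNS transaction id in Info
ANALYSIS_RE = re.compile(r"\[TCP [^\]]+\]")           # Wireshark expert tags like "[TCP Retransmission]"


def load_packets(csv_text):
    """Parse the export into a list of dicts keyed by column name; Time becomes a float."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for row in rows:
        row["Time"] = float(row["Time"])
    return rows


def protocol_counts(packets):
    """Top protocols in use, as a Counter over the Protocol column."""
    return Counter(p["Protocol"] for p in packets)


def conversations(packets):
    """Packets per endpoint pair, direction-insensitive (client/server communication)."""
    return Counter(tuple(sorted((p["Source"], p["Destination"]))) for p in packets)


def tcp_handshakes(packets):
    """Reconstruct SYN -> SYN/ACK -> ACK; return (client, server, setup_seconds) per handshake."""
    pending, done = {}, []
    for p in packets:
        if p["Protocol"] != "TCP":
            continue
        flags = {f.strip() for m in FLAGS_RE.findall(p["Info"]) for f in m.split(",")}
        src, dst, t = p["Source"], p["Destination"], p["Time"]
        if flags == {"SYN"}:
            pending[(src, dst)] = {"stage": 1, "start": t}
        elif flags == {"SYN", "ACK"} and pending.get((dst, src), {}).get("stage") == 1:
            pending[(dst, src)]["stage"] = 2
        elif flags == {"ACK"} and pending.get((src, dst), {}).get("stage") == 2:
            state = pending.pop((src, dst))
            done.append((src, dst, round(t - state["start"], 6)))
    return done


def http_response_codes(packets):
    """Count HTTP status codes seen in server responses."""
    codes = Counter()
    for p in packets:
        if p["Protocol"] == "HTTP":
            m = HTTP_STATUS_RE.search(p["Info"])
            if m:
                codes[m.group(1)] += 1
    return codes


def dns_latencies(packets):
    """Query-to-response time per DNS transaction id, in seconds."""
    queries, latencies = {}, {}
    for p in packets:
        if p["Protocol"] != "DNS":
            continue
        m = DNS_TXID_RE.search(p["Info"])
        if not m:
            continue
        txid = m.group(0)
        if "response" in p["Info"]:
            if txid in queries:
                latencies[txid] = round(p["Time"] - queries.pop(txid), 6)
        else:
            queries[txid] = p["Time"]
    return latencies


def tcp_analysis_flags(packets):
    """Packet numbers Wireshark tagged with TCP analysis info (what tcp.analysis.flags selects)."""
    return [p["No."] for p in packets if p["Protocol"] == "TCP" and ANALYSIS_RE.search(p["Info"])]


if __name__ == "__main__":
    pkts = load_packets(SAMPLE_CSV)
    print("protocols:", protocol_counts(pkts).most_common())
    print("conversations:", conversations(pkts).most_common())
    print("handshakes:", tcp_handshakes(pkts))
    print("http codes:", dict(http_response_codes(pkts)))
    print("dns latency:", dns_latencies(pkts))
    print("tcp analysis flagged:", tcp_analysis_flags(pkts))
```

Replace SAMPLE_CSV with the contents of a file exported from your own capture to run it on real data. Handshake detection keys on the exact flag set in the Info column, so a retransmitted or PSH-flagged segment (such as packet 10 in the sample) is correctly not counted as the final ACK of the three-way handshake.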
- Interface selection page
- Live capture graph
- Filtered packet list view
You should see multiple traffic types including DNS, TCP, UDP, and ICMP. Packet inspection reveals communication patterns, response codes, latency, and device behavior across the network.
Avoid capturing traffic on networks you do not own or have permission to scan.
Wireshark is an effective tool for:
- Capturing live traffic
- Applying protocol filters
- Inspecting packets deeply
- Troubleshooting connectivity
- Understanding client/server behavior
- Exporting packet data for reporting