
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. (Wikipedia)

Download and setup

You can download Wireshark from the official website.

apt-get install wireshark


Helpful settings:

Resolve IP addresses (show domains instead of IP addresses)

  • Edit > Preferences
  • Under Name Resolution activate Resolve network (IP) addresses



Further information: Top 10 Wireshark Filters

Filter any packet with this IP as source or destination

ip.addr == IP-ADDRESS

Filter all HTTP packets with a specific content type and response code

http.content_type contains "text/html" and http.response.code == 200

Filter all HTTP packets with the content Xennis

data-text-lines contains "Xennis"

Filter all TCP packets with a port number greater than 60000


Problems and errors

Cannot capture as non root user

(1) Reconfigure Wireshark and select Yes for the question "Should non-superusers be able to capture packets?" (2) Add your user account to the wireshark group.

dpkg-reconfigure wireshark-common 
usermod -a -G wireshark $USER

Next, log out and log in again.
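The following script is an added example, not part of the original wiki page: it checks both steps above and shows why the re-login is needed, by comparing the groups recorded for the user with the groups the current session actually holds. It assumes Debian's wireshark-common layout (capture helper at /usr/bin/dumpcap, group named wireshark); the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes Debian's wireshark-common
# layout: capture helper at /usr/bin/dumpcap, group named "wireshark".

# has_group GROUP "list of groups": succeeds if GROUP is a whole word in the list.
has_group() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# group_state GROUP DB_GROUPS SESSION_GROUPS -> not-member | relogin | ready
group_state() {
    if ! has_group "$1" "$2"; then
        echo "not-member"   # step (2) missing: user is not in the group database
    elif ! has_group "$1" "$3"; then
        echo "relogin"      # in the database, but this login session predates it
    else
        echo "ready"
    fi
}

# dumpcap_state GROUP_OWNER OCTAL_MODE -> not-reconfigured | world-executable | group-only
dumpcap_state() {
    if [ "$1" != "wireshark" ]; then
        echo "not-reconfigured"   # step (1) missing or answered "no"
        return
    fi
    case "$2" in
        *[1357]) echo "world-executable" ;;  # any local user could run the capture helper
        *)       echo "group-only" ;;
    esac
}

check_capture_setup() {
    user=$(id -un)
    db_groups=$(id -nG "$user")   # membership recorded in the group database
    session_groups=$(id -nG)      # groups the current process actually holds
    echo "group:   $(group_state wireshark "$db_groups" "$session_groups")"
    if meta=$(stat -c '%G %a' /usr/bin/dumpcap 2>/dev/null); then
        echo "dumpcap: $(dumpcap_state "${meta% *}" "${meta#* }")"
    else
        echo "dumpcap: not found at /usr/bin/dumpcap"
    fi
}

# Run the live check only when asked, e.g.: sh check-capture.sh --check
if [ "${1:-}" = "--check" ]; then check_capture_setup; fi
```

A result of relogin means usermod succeeded but the running session still has the old group list; world-executable means the capture helper is not restricted to the wireshark group.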
