Objective

Hands-on practice with Wireshark packet analysis in a network lab environment.

Tools & Technologies

  • Wireshark
  • tcpdump
  • tshark

Key Commands

tshark -i eth0 -w capture.pcap       # live capture on eth0, written to a pcap file
tshark -r capture.pcap -Y 'http'     # read the file back and apply the display filter 'http'
wireshark capture.pcap               # open the same capture in the Wireshark GUI

Lab Steps

01 Capture Setup

Configure capture interfaces and filters in Wireshark.

02 Display Filters

Apply display filters to isolate specific protocols, IPs, and ports.

03 Protocol Analysis

Analyze HTTP, DNS, and TLS handshake sequences.

04 Statistics

Use the Statistics menu to view endpoint, protocol hierarchy, and flow data.
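The four steps above map onto one pipeline: keep only what the capture filter admits, narrow further with display filters, then summarize. The script below is an added example (not part of the lab or of Wireshark/tshark) that reproduces that pipeline in miniature on a pcap file it constructs itself: a minimal pcap reader for Ethernet/IPv4/TCP/UDP, a capture-filter predicate standing in for BPF, a tiny subset of display-filter syntax (bare protocol names, ip.addr, tcp.port/udp.port, terms joined by and), and protocol-hierarchy and endpoint statistics like those in the Statistics menu. The sample frames, addresses and ports are constructed; the application layer is guessed from well-known ports, as Wireshark's default port-based dissection does.

```python
"""Miniature Wireshark workflow: capture filter -> display filter -> statistics.
Added example with a constructed pcap; decodes only Ethernet/IPv4/TCP/UDP."""
import socket
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1
PORT_PROTO = {80: "http", 53: "dns", 443: "tls"}   # port-based app-layer guess


def _ipv4(src, dst, proto, payload):
    # 20-byte IPv4 header, checksum left at 0 (we never validate it here)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def _tcp(sport, dport, data=b""):
    # minimal TCP header: data offset 5 words, flags PSH|ACK
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + data


def _udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def _frame(ip_packet):
    # Ethernet II header with constructed MACs and EtherType 0x0800 (IPv4)
    return bytes.fromhex("001122334455" "66778899aabb" "0800") + ip_packet


def build_sample_pcap():
    """Constructed capture: one HTTP request, one DNS query, two TLS segments."""
    frames = [
        _frame(_ipv4("10.0.0.5", "93.184.216.34", 6, _tcp(50000, 80, b"GET / HTTP/1.1\r\n"))),
        _frame(_ipv4("10.0.0.5", "10.0.0.1", 17, _udp(40000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8))),
        _frame(_ipv4("10.0.0.5", "93.184.216.34", 6, _tcp(50001, 443, b"\x16\x03\x01"))),
        _frame(_ipv4("93.184.216.34", "10.0.0.5", 6, _tcp(443, 50001, b"\x16\x03\x03"))),
    ]
    # pcap global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f  # record header
    return out


def decode_frame(frame, number):
    """Dissect one Ethernet frame into a flat field dict plus a layer list."""
    pkt = {"frame.number": number, "frame.len": len(frame), "layers": ["eth"]}
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return pkt                                   # not IPv4: stop at Ethernet
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    pkt["layers"].append("ip")
    pkt["ip.src"], pkt["ip.dst"] = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    if proto == 6:
        sport, dport = struct.unpack("!HH", l4[:4])
        pkt["layers"].append("tcp")
        pkt["tcp.srcport"], pkt["tcp.dstport"] = sport, dport
        payload = l4[(l4[12] >> 4) * 4:]
    elif proto == 17:
        sport, dport = struct.unpack("!HH", l4[:4])
        pkt["layers"].append("udp")
        pkt["udp.srcport"], pkt["udp.dstport"] = sport, dport
        payload = l4[8:]
    else:
        return pkt
    app = PORT_PROTO.get(dport) or PORT_PROTO.get(sport)
    if app and payload:
        pkt["layers"].append(app)
    return pkt


def read_pcap(data, capture_filter=None):
    """Return decoded packets; capture_filter (a predicate) plays the role of a
    BPF capture filter: packets it rejects are never stored at all."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"       # classic pcap magic only
    linktype, = struct.unpack(endian + "I", data[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled in this example")
    off, number, packets = 24, 0, []
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        number += 1
        pkt = decode_frame(frame, number)
        if capture_filter is None or capture_filter(pkt):
            packets.append(pkt)
    return packets


def display_filter(packets, expr):
    """Evaluate a small subset of Wireshark display-filter syntax."""
    def term(pkt, t):
        if "==" not in t:
            return t.strip() in pkt["layers"]            # e.g. 'http', 'udp'
        field, value = (s.strip() for s in t.split("==", 1))
        if field == "ip.addr":                            # matches either direction
            return value in (pkt.get("ip.src"), pkt.get("ip.dst"))
        if field in ("tcp.port", "udp.port"):
            proto = field.split(".")[0]
            return int(value) in (pkt.get(proto + ".srcport"), pkt.get(proto + ".dstport"))
        return str(pkt.get(field)) == value
    return [p for p in packets if all(term(p, t) for t in expr.split(" and "))]


def protocol_hierarchy(packets):
    """Like Statistics > Protocol Hierarchy: frame count per layer path."""
    return Counter("/".join(p["layers"]) for p in packets)


def endpoints(packets):
    """Like Statistics > Endpoints (IPv4): (frames, bytes) per address."""
    stats = {}
    for p in packets:
        for key in ("ip.src", "ip.dst"):
            if p.get(key):
                frames, nbytes = stats.get(p[key], (0, 0))
                stats[p[key]] = (frames + 1, nbytes + p["frame.len"])
    return stats


if __name__ == "__main__":
    pkts = read_pcap(build_sample_pcap())
    print(protocol_hierarchy(pkts))
    print(endpoints(pkts))
    print([p["frame.number"] for p in display_filter(pkts, "tcp and ip.addr == 93.184.216.34")])
```

Running the same display filter over a capture taken with a narrow capture filter shows the difference the two filter kinds make: a capture filter of "port 443" discards the HTTP and DNS frames before they are written, so 'http' later matches nothing, whereas a display filter only hides frames that are still in the file.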

Challenges Encountered

  • Promiscuous mode may not work in virtualized environments
  • TLS 1.3 traffic cannot be decrypted without session keys

Key Takeaways

  • Use capture filters (BPF syntax) at capture time to keep the file small, and display filters afterwards to analyze what was kept
  • Export TLS session keys from the browser (the SSLKEYLOGFILE key log) and point Wireshark at that file to decrypt TLS