How to use Wireshark, analyze data packets in the network, capture network data packets

If you are a system administrator, you cannot ignore Wireshark, a leading tool for analyzing network data packets. Its intuitive interface and simple, accurate reporting make Wireshark extremely popular today. This article shows you how to use Wireshark to analyze data packets on the network.

Wireshark's main function is to give users detailed information about network protocols and captured packets, with the ability to read and write many different data formats. It is also used to troubleshoot network problems and is supported on many operating systems, such as Windows, macOS, and Linux (including Ubuntu). Once you are familiar with Wireshark, you can easily analyze the data packets in your network.


I. Capturing Packets

Step 1: Download and install Wireshark, the tool for monitoring and analyzing network protocols.

Step 2: After installation is complete, launch Wireshark. In the main interface, note these two options:
Local Area Connection: captures data on the wired (cable) network

Wireless Network Connection: captures data on the wireless (Wi-Fi) network

Select the option that matches the network you are using, then select Start.

Step 3: Wireshark now captures all data packets for each IP address communicating over the network. The list is updated continuously as devices use the network.


Step 4: To stop the process, click on the red square (Stop) on the toolbar.


Step 5: Each packet is shown in a color that corresponds to its type or status:

Green: TCP traffic

Light blue: UDP traffic

Light purple: DNS traffic

Black with orange letters: TCP packets with problems


You can also save the captured packets for later analysis by selecting File -> Save (Ctrl + S) or Save as … (Ctrl + Shift + S).

II. Filtering Packets

In the Filter box, enter the filter expression, then select Apply or press Enter. For example, to show only TCP packets, type tcp into the Filter box and press Enter; the packet list then displays only the TCP traffic.
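As an added example (not part of the original article and not Wireshark's own code), the Python below shows what a protocol filter such as tcp does to a saved capture: it reads a classic pcap file, works out which protocol layers each packet contains, and returns the matching packet numbers. The sample capture is constructed inline, the function names are hypothetical, and treating port 53 as DNS is an assumption made for the example.

```python
import struct

def build_frame(proto, sport, dport):
    """Constructed sample frame: Ethernet + IPv4 + bare TCP or UDP header."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 1024, 0, 0)
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    l4 = tcp if proto == 6 else udp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x02" * 12 + b"\x08\x00" + ip + l4

def build_pcap(frames):
    """Classic pcap: 24-byte global header (linktype 1 = Ethernet), then records."""
    recs = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)

def read_pcap(data):
    """Yield each captured frame from a little-endian classic pcap byte string."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        if off + 16 + incl_len > len(data):
            break  # final record was cut off, e.g. capture stopped mid-write
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def layers(frame):
    """Protocol layers present in an Ethernet/IPv4 frame, outermost first."""
    found = ["eth"]
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return found
    found.append("ip")
    l4 = 14 + (frame[14] & 0x0F) * 4          # IPv4 header length is variable
    name = {6: "tcp", 17: "udp"}.get(frame[23])
    if name is None or len(frame) < l4 + 4:
        return found
    found.append(name)
    if 53 in struct.unpack_from("!HH", frame, l4):  # assumption: port 53 is DNS
        found.append("dns")
    return found

def display_filter(pcap_bytes, protocol):
    """Packet numbers (1-based, as in the packet list) containing the protocol."""
    return [n for n, f in enumerate(read_pcap(pcap_bytes), 1) if protocol in layers(f)]

# Constructed sample capture: HTTPS, DNS over UDP, NTP, HTTP
SAMPLE = build_pcap([build_frame(6, 50000, 443), build_frame(17, 50001, 53),
                     build_frame(17, 50002, 123), build_frame(6, 50003, 80)])
```

Filtering the sample on udp returns the DNS packet as well as the NTP one, because a filter on a protocol name matches every packet that contains that protocol layer.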


You can also create a new filter by selecting Analyze -> Display Filters from the menu.

To follow a TCP stream, right-click a packet and select Follow TCP Stream.

In the Follow TCP Stream window, you can choose the display format (ASCII, EBCDIC, Hex Dump, C Arrays, or Raw) to make the data easier to analyze.


III. Inspecting Packets

You can inspect any piece of information in a packet by clicking the packet in the list. Its details are displayed in the pane below.


To create a filter directly from a packet, right-click the item in the packet that you want to filter on, point to Apply as Filter, and choose Selected.


Wireshark is a really effective tool for network administrators. It has many other features as well, such as debugging network performance, checking the security of network systems, and checking network protocols.
Besides checking network data and protocols with Wireshark, readers can also look into ways to check network speed and to verify whether the network connection at their business or home is stable.

