Comprehensive Guide to Network Tools: Installing and Using Wireshark for Packet Capture

Introduction

When we perform network packet capture, we often rely on network tools like Charles and Fiddler. Today, we introduce another popular packet capture tool—Wireshark. This article will cover installing Wireshark and simple packet capturing.

Wireshark Installation

1. Download

Before installation, we first need to download the installation package. The download URL is: https://www.wireshark.org/download/win64/. Download the installation package that matches your operating system, as shown below:

/>

1. Run the installation package as an administrator and click next

/>

1. Read the agreement, then click noted, as shown below:

1. Select installation options, choosing the default installation options as shown below:

1. Create desktop icons (optional)

We can choose to add Wireshark to the start menu or create desktop icons based on our actual needs.

1. Select installation path, we can install Wireshark in any folder, as shown below:

1. Install NPcap, can be ignored if already installed on the computer, as shown below:

1. Install USBPcap, if already installed, it can be ignored

Subsequently, Wireshark will begin installation, as shown below:

1. Prompt to install NPcap, just click agree as shown below:

1. After installation, we can choose restart immediately, but note to save important content before clicking to avoid losing records.

Packet Capture Example

After installation, we can try simple packet capturing using Wireshark. First, we start Wireshark. Once started, as shown below:

Then, we follow Capture->Options, check the WLAN card (choose based on the network card usage of each computer, the simple way is to check the card corresponding to the used IP). Click start. Start packet capturing.

Afterward, we can see that Wireshark is in packet capturing status, as follows:

Perform the operation to be captured, such as executing ping http://www.baidu.com in the cmd window.

Once the operation is complete, the related packets are captured. To avoid the analysis being affected by other useless packets, you can set filter conditions in the filter bar to filter the packet list, obtaining the following result. Note: ip.addr == 119.75.217.26 and icmp means displaying only packets with the ICPM protocol and with either source or destination host IP being 119.75.217.26.

Summary

This article mainly introduced the installation and simple packet capturing operations of the Wireshark packet capturing tool. We will introduce more powerful features of Wireshark in the future. We hope this article can help everyone.