5 Killer Tricks to Get the Most Out of Wireshark

Source: HowToGeek

Here are 5 excellent tricks, to get more out of Wireshark, when you’re using it to examine traffic you see traversing your network. These are 5 excellent tips, but there are a lot of more we recommend. We have taken the course from Wireshark University, and highly recommend it to anyone.

Network Name Resolution

While capturing packets, you might be annoyed that Wireshark only displays IP addresses. You can convert the IP addresses to domain names yourself, but that isn’t too convenient.

Start Capturing Automatically

You can create a special shortcut using Wirshark’s command-line arguments if you want to start capturing packets without delay. You’ll need to know the number of the network interface you want to use, based on the order Wireshark displays the interfaces.

Capturing Traffic From Remote Computers

Wireshark captures traffic from your system’s local interfaces by default, but this isn’t always the location you want to capture from. For example, you may want to capture traffic from a router, server, or another computer in a different location on the network. This is where Wireshark’s remote capture feature comes in. This feature is only available on Windows at the moment — Wireshark’s official documentation recommends that Linux users use an SSH tunnel.

Wireshark in a Terminal (TShark)

If you don’t have a graphical interface on your system, you can use Wireshark from a terminal with the TShark command.

Creating Firewall ACL Rules

If you’re a network administrator in charge of a firewall and you’re using Wireshark to poke around, you may want to take action based on the traffic you see — perhaps to block some suspicious traffic. Wireshark’s Firewall ACL Rules tool generates the commands you’ll need to create firewall rules on your firewall.