5 Killer Tricks to Get the Most Out of Wireshark
Source: HowToGeek
Here are 5 excellent tricks for getting more out of Wireshark when you’re using it to examine traffic traversing your network. These 5 are a good start, but there are many more we recommend. We have taken the Wireshark University course and highly recommend it to anyone.
Network Name Resolution
While capturing packets, you might be annoyed that Wireshark only displays IP addresses. You can convert the IP addresses to domain names yourself, but that isn’t too convenient.
Start Capturing Automatically
You can create a special shortcut using Wireshark’s command-line arguments if you want to start capturing packets without delay. You’ll need to know the number of the network interface you want to use, based on the order in which Wireshark lists the interfaces.
Capturing Traffic From Remote Computers
Wireshark captures traffic from your system’s local interfaces by default, but this isn’t always the location you want to capture from. For example, you may want to capture traffic from a router, server, or another computer in a different location on the network. This is where Wireshark’s remote capture feature comes in. This feature is only available on Windows at the moment — Wireshark’s official documentation recommends that Linux users use an SSH tunnel.
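The two command-line recipes above (an immediate-start shortcut and the SSH alternative to remote capture on Linux) as an added example; this is not code from the article or from the Wireshark project. It assumes the `-D`, `-i`, `-k` and `-f` options of the wireshark executable and the `-U`/`-w -` options of tcpdump, and embeds a constructed sample of `wireshark -D` output so it runs without Wireshark installed:

```python
"""Build Wireshark capture command lines (added example, not from the article)."""
import re
import shlex

# Constructed sample of `wireshark -D` output: Linux-style entries on top and a
# Windows-style NPF device below. Real output differs per platform and host.
SAMPLE_INTERFACE_LIST = """\
1. eth0
2. wlan0 (Wireless LAN)
3. any (Pseudo-device that captures on all interfaces)
4. \\Device\\NPF_{12345678-ABCD-0000-0000-000000000000} (Ethernet 2)
"""

_LINE = re.compile(r"^(\d+)\.\s+(\S+)(?:\s+\((.*)\))?\s*$")


def parse_interface_list(text):
    """Return [(index, device, description)] from `wireshark -D` style output."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3) or ""))
    return entries


def interface_index(text, wanted):
    """Find the 1-based index of an interface by device name or description.

    The index depends on the order Wireshark enumerates interfaces, which can
    change between boots (VPN adapters, hotplugged USB NICs), so a shortcut that
    hard-codes the number can silently start capturing on the wrong interface.
    Looking it up at run time avoids that.
    """
    for idx, dev, desc in parse_interface_list(text):
        if wanted in (dev, desc):
            return idx
    raise LookupError(f"no interface matching {wanted!r}")


def local_capture_cmd(text, wanted, capture_filter=None):
    """`wireshark -i N -k`: -k starts the capture immediately; -f adds a BPF capture filter."""
    cmd = ["wireshark", "-i", str(interface_index(text, wanted)), "-k"]
    if capture_filter:
        cmd += ["-f", capture_filter]
    return cmd


def remote_capture_cmd(host, iface, ssh_port=22):
    """Pipe tcpdump over SSH into a local Wireshark reading from stdin (`-i -`).

    Excluding the SSH port from the remote capture matters: otherwise the SSH
    session carrying the capture is itself captured, and every captured byte
    generates more SSH traffic to capture, a feedback loop that never settles.
    `-U` makes tcpdump flush each packet so Wireshark updates live.
    """
    remote = f"tcpdump -i {shlex.quote(iface)} -U -w - not port {ssh_port}"
    return f"ssh -p {ssh_port} {shlex.quote(host)} {shlex.quote(remote)} | wireshark -k -i -"


if __name__ == "__main__":
    print(" ".join(local_capture_cmd(SAMPLE_INTERFACE_LIST, "eth0", "tcp port 443")))
    print(remote_capture_cmd("sensor.example.internal", "eth0"))
```

Current Wireshark versions also accept the interface name directly after `-i`, which avoids the index lookup entirely; the index form is what the shortcut trick in the article relies on, and the lookup above is the check to run when you build such a shortcut.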
Wireshark in a Terminal (TShark)
If you don’t have a graphical interface on your system, you can use Wireshark from a terminal with the TShark command.
Creating Firewall ACL Rules
If you’re a network administrator in charge of a firewall and you’re using Wireshark to poke around, you may want to take action based on the traffic you see — perhaps to block some suspicious traffic. Wireshark’s Firewall ACL Rules tool generates the commands you’ll need to create firewall rules on your firewall.
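The following added example ties together three of the tricks above (TShark from a terminal, name resolution, and generating firewall rules from observed traffic); it is not the article's or Wireshark's own code. It assumes the embedded sample was produced by `tshark -r capture.pcap -T fields -E separator=, -e ip.src -e ip.dst -e ip.proto -e tcp.dstport -e udp.dstport`, and the sample lines, the hosts mapping and the addresses in them are all constructed so the script runs offline. It emits rules in two of the formats the Firewall ACL Rules tool offers (Netfilter/iptables and a Cisco IOS extended ACL):

```python
"""From TShark field output to a firewall rule (added example, not from the article)."""
from collections import Counter

# Constructed sample of `tshark -T fields` output. An empty field is what tshark
# emits when the field is absent (no tcp.dstport on a UDP packet and vice versa).
SAMPLE_TSHARK_OUTPUT = """\
10.0.0.5,192.168.1.10,6,22,
10.0.0.5,192.168.1.10,6,22,
10.0.0.5,192.168.1.10,6,22,
192.168.1.10,10.0.0.5,6,51234,
10.0.0.7,192.168.1.10,17,,53
10.0.0.9,192.168.1.10,6,445,
"""

# Constructed stand-in for a hosts-style mapping: readable names without sending
# DNS queries from the analysis host (which would slow the capture and reveal
# to the network which addresses you are looking at).
HOSTS = {"192.168.1.10": "fileserver", "10.0.0.5": "lab-ws05"}

PROTO = {6: "tcp", 17: "udp"}


def parse_flows(text):
    """Yield (src, dst, proto, dst_port) per line; skip lines without IP addresses."""
    for line in text.splitlines():
        src, dst, proto, tcp_port, udp_port = line.split(",")
        if not src or not dst:
            continue
        port = int(tcp_port or udp_port)  # only one of the two is ever set
        yield src, dst, PROTO.get(int(proto), proto), port


def resolve(addr, hosts=HOSTS):
    """Offline name resolution: fall back to the raw address when unknown."""
    return hosts.get(addr, addr)


def top_flows(text, n=3):
    """Packets per flow, the summary you would otherwise eyeball in the GUI."""
    return Counter(parse_flows(text)).most_common(n)


def iptables_rule(src, dst, proto, port, action="DROP"):
    """Netfilter rule dropping the flow on the host that saw it."""
    return f"iptables -A INPUT -s {src} -d {dst} -p {proto} --dport {port} -j {action}"


def cisco_acl_rule(src, dst, proto, port, action="deny"):
    """Cisco IOS extended ACL entry for the same flow (`host` means a /32)."""
    return f"access-list 100 {action} {proto} host {src} host {dst} eq {port}"


def rules_for_top_flow(text):
    """Rules for the busiest flow, with resolved names only in the human-readable label."""
    (src, dst, proto, port), count = top_flows(text, 1)[0]
    return {
        "flow": f"{resolve(src)} -> {resolve(dst)} {proto}/{port} ({count} packets)",
        "iptables": iptables_rule(src, dst, proto, port),
        "cisco": cisco_acl_rule(src, dst, proto, port),
    }


if __name__ == "__main__":
    for key, value in rules_for_top_flow(SAMPLE_TSHARK_OUTPUT).items():
        print(f"{key:9s} {value}")
```

Note that the generated rules use raw addresses, not resolved names: a name is a convenience for the analyst, while the rule has to match what is on the wire, and a name that resolves differently on the firewall than on the analysis host would block the wrong traffic.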