Wireshark is a really useful tool. As a network engineer, I always use it. From analyzing traffic to checking the exact cause of an issue, Wireshark will always be there for you. In this blog, we will see some useful display filters that we can use to narrow down the traffic, which will help you isolate the issue.
What is Wireshark?
Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible.
You could think of a network packet analyzer as a measuring device for examining what’s happening inside a network cable, just like an electrician uses a voltmeter for examining what’s happening inside an electric cable (but at a higher level, of course).
In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, that has changed. Wireshark is available for free, is open source, and is one of the best packet analyzers available today.

Useful Wireshark Commands:
To check the TCP 3-way handshake:
tcp.flags.syn == 1: to find all packets with the SYN flag set (note that this also matches the SYN-ACK, since its SYN flag is set too).
tcp.flags.syn == 1 && tcp.flags.ack == 1: to find the SYN-ACK packets.
tcp.flags.ack == 1 && tcp.flags.syn == 0: to find pure ACK packets (the third step of the handshake, but also every later ACK in the conversation).
Read more about the TCP 3-way handshake here: TCP 3-way handshake.
To check the TCP 4-way handshake:
To find a particular IP address:
ip.src == <"ip address">: to match a particular IP address in the source field.
ip.dst == <"ip address">: to match a particular IP address in the destination field.
ip.addr == <"ip address">: to match a particular IP address in either the source or the destination field.
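To see what these filters actually select, here is a small added example (my own code, not part of the original post or of Wireshark itself) that evaluates the `field == value` and `&&` filter syntax quoted above over a constructed five-packet capture. It shows why `tcp.flags.syn == 1` alone also returns the SYN-ACK, and why `ip.addr` matches both directions of a conversation.

```python
import re
from typing import Any, Dict, List

# Constructed sample capture (not a real trace): a TCP 3-way handshake between
# 10.0.0.5 (client) and 10.0.0.9 (server), one data segment, and a stray SYN
# from another host. Each dict holds the Wireshark field names used in the post.
PACKETS: List[Dict[str, Any]] = [
    {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.9", "tcp.flags.syn": 1, "tcp.flags.ack": 0},
    {"ip.src": "10.0.0.9", "ip.dst": "10.0.0.5", "tcp.flags.syn": 1, "tcp.flags.ack": 1},
    {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.9", "tcp.flags.syn": 0, "tcp.flags.ack": 1},
    {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.9", "tcp.flags.syn": 0, "tcp.flags.ack": 1},
    {"ip.src": "192.168.1.20", "ip.dst": "10.0.0.9", "tcp.flags.syn": 1, "tcp.flags.ack": 0},
]

# One clause of the form  field == value  (value optionally in double quotes).
CLAUSE = re.compile(r'^\s*([\w.]+)\s*==\s*"?([^"\s]+)"?\s*$')


def field_values(pkt: Dict[str, Any], field: str) -> set:
    """Values a field can take in this packet. ip.addr is Wireshark's
    convenience field that matches either the source or the destination."""
    if field == "ip.addr":
        return {pkt["ip.src"], pkt["ip.dst"]}
    return {pkt[field]}


def eval_clause(clause: str, pkt: Dict[str, Any]) -> bool:
    m = CLAUSE.match(clause)
    if not m:
        raise ValueError(f"unsupported clause: {clause!r}")
    field, literal = m.groups()
    return literal in {str(v) for v in field_values(pkt, field)}


def matches(display_filter: str, pkt: Dict[str, Any]) -> bool:
    """A filter is one or more clauses joined by && (all must hold)."""
    return all(eval_clause(c, pkt) for c in display_filter.split("&&"))


def apply_filter(display_filter: str, packets: List[Dict[str, Any]] = PACKETS) -> List[int]:
    """Return the 0-based packet numbers the filter would keep in the packet list."""
    return [i for i, p in enumerate(packets) if matches(display_filter, p)]


if __name__ == "__main__":
    for f in ("tcp.flags.syn == 1", "tcp.flags.syn == 1 && tcp.flags.ack == 1",
              "tcp.flags.ack == 1 && tcp.flags.syn == 0", 'ip.addr == "10.0.0.5"'):
        print(f"{f:45s} -> packets {apply_filter(f)}")
```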
I will add more commands here as I use them in blogs, so stay tuned.