Wireshark is a powerful tool for capturing and analysing network packets. This guide will show you how to start capturing traffic, filter for relevant data, and understand basic protocols.
Go to the Wireshark website and download the version for your OS. Follow the installer instructions and allow installation of WinPcap/Npcap (needed for packet capture on Windows).
Open Wireshark, select your active network interface (Wi-Fi or Ethernet), and click Start Capturing Packets. You’ll see packets appearing in real time.
Focus on specific traffic using filters, e.g.:
http – only HTTP traffic
tcp.port == 80 – traffic on port 80
ip.addr == 192.168.1.10 – traffic from/to a specific IP
Click on a packet to view details. Expand the layers: Ethernet, IP, TCP/UDP, HTTP. Observe source/destination addresses, protocols, and payloads.
Go to File → Save As and save your .pcap file. Reopen it later or share it for analysis exercises.
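As an added example (not part of the original guide), the Python sketch below walks the same Ethernet, IP and TCP layers in a saved capture and shows what the ip.addr and tcp.port filters above match: either end of the conversation. It assumes the classic little-endian .pcap format (Wireshark's default save format is pcapng, which this does not read), Ethernet link type and IPv4/TCP; the sample capture, addresses and function names are constructed for illustration.

```python
import socket
import struct

def build_sample_pcap():
    """Constructed sample: classic pcap bytes holding two Ethernet/IPv4/TCP frames."""
    def frame(src, dst, sport, dport, payload=b""):
        eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))  # checksum left 0
        return eth + ip + tcp
    frames = [frame("192.168.1.10", "203.0.113.5", 50000, 80, b"GET / HTTP/1.1\r\n\r\n"),
              frame("192.168.1.20", "10.0.0.5", 50001, 443)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # per-packet record header
    return out

def parse_pcap(data):
    """Yield one dict per IPv4/TCP packet, walking Ethernet -> IP -> TCP."""
    if len(data) < 24 or struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        pkt = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # EtherType must be IPv4
            continue
        ihl = (pkt[14] & 0x0F) * 4  # IP header length in bytes
        if ihl < 20 or pkt[23] != 6 or len(pkt) < 14 + ihl + 20:  # protocol 6 = TCP
            continue
        tcp = 14 + ihl
        sport, dport = struct.unpack_from("!HH", pkt, tcp)
        data_off = (pkt[tcp + 12] >> 4) * 4  # TCP header length in bytes
        yield {"src": socket.inet_ntoa(pkt[26:30]), "dst": socket.inet_ntoa(pkt[30:34]),
               "sport": sport, "dport": dport, "payload": pkt[tcp + data_off:]}

def ip_addr(p, ip):      # like ip.addr == ip: source OR destination
    return ip in (p["src"], p["dst"])

def tcp_port(p, port):   # like tcp.port == port: either end of the connection
    return port in (p["sport"], p["dport"])

packets = list(parse_pcap(build_sample_pcap()))
```

To run it on your own capture, save the file from Wireshark in the classic pcap format and pass its bytes to parse_pcap.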
Upload a .pcap file and visually highlight interesting packets (HTTP requests, DNS queries). You could even create a small quiz: “Which packet contains a login request?” with multiple choice answers. Example files: Download Sample.