
Packet Peek: My First Dive into Wireshark

By Hansani Dhanushika | From Zero to Secure: Learning to Defend One Byte at a Time


๐Ÿ” What is Wireshark?

When I first heard the term packet sniffer, I imagined a dog sniffing data trails. Not too far off!
Wireshark is one of the most powerful (and free!) tools for capturing and analyzing network traffic in real time. It shows you what's really happening under the hood when your device talks to the internet.


🧠 Why I Wanted to Learn Wireshark

As a cybersecurity newbie, I kept coming across phrases like:

  • “analyze packet flow”

  • “detect suspicious traffic”

  • “understand protocols like TCP/IP”

That’s when I realized Wireshark isn’t just for experts — it’s for anyone who wants to actually see what’s happening inside a network.


🧰 How I Got Started

Here’s how I got Wireshark up and running (Windows user here 👩‍💻):

  1. Downloaded it from wireshark.org

  2. Installed with Npcap (important for packet capturing)

  3. Opened the app and selected my active network interface (Wi-Fi)

  4. Hit that blue shark fin icon (🦈) — and BAM! Packets everywhere.


🕸️ What I Learned from Capturing My Own Traffic

I visited a few websites, refreshed pages, and even sent a WhatsApp Web message just to see the magic.
Here's what blew my mind:

  • Every little action online creates a flurry of packets.

  • I could filter by protocols like http, tcp, dns to zoom in on interesting parts.

  • I saw things like GET requests, IP addresses, hostnames, and even handshake processes.


💡 Tips for Beginners

🟢 Use filters like:

  • http – see web requests

  • ip.addr == your.ip.address – isolate your own traffic

  • dns – track domain lookups

🟢 Don't panic if it all looks confusing. Focus on one packet and read its details line by line.

🟢 Explore pre-captured files (sample .pcap files) to practice without live data.


🧾 Wireshark Cheat Sheet (My Go-To Filters)

Task                           Filter
Show only HTTP traffic         http
Show DNS queries               dns
Traffic to/from specific IP    ip.addr == 192.168.1.5
Only TCP packets               tcp
Filter by port                 tcp.port == 443 (HTTPS)
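To make the cheat-sheet semantics concrete, here is an added example (my own script, not part of the original post and not Wireshark code) that evaluates these filters against a small constructed packet list. It shows the point beginners most often miss: ip.addr and tcp.port are "either side" fields, so ip.addr == X returns both directions of a conversation, while ip.src == X returns only one.

```python
import re

# Constructed sample capture (not real traffic): summary rows of the kind Wireshark's
# packet list shows after a DNS lookup and a page load from 192.168.1.5.
PACKETS = [
    {"no": 1, "proto": "dns",  "src": "192.168.1.5",   "dst": "192.168.1.1",   "l4": "udp", "sport": 51234, "dport": 53},
    {"no": 2, "proto": "dns",  "src": "192.168.1.1",   "dst": "192.168.1.5",   "l4": "udp", "sport": 53,    "dport": 51234},
    {"no": 3, "proto": "tls",  "src": "192.168.1.5",   "dst": "93.184.216.34", "l4": "tcp", "sport": 51235, "dport": 443},
    {"no": 4, "proto": "http", "src": "192.168.1.5",   "dst": "93.184.216.34", "l4": "tcp", "sport": 51236, "dport": 80},
    {"no": 5, "proto": "http", "src": "93.184.216.34", "dst": "192.168.1.5",   "l4": "tcp", "sport": 80,    "dport": 51236},
    {"no": 6, "proto": "tcp",  "src": "10.0.0.7",      "dst": "10.0.0.9",      "l4": "tcp", "sport": 40000, "dport": 22},
]

# Each filter field maps to the packet values it covers. As in Wireshark, ip.addr and
# tcp.port cover BOTH endpoints, so "field == X" matches if any covered value equals X.
FIELDS = {
    "ip.addr":  lambda p: [p["src"], p["dst"]],
    "ip.src":   lambda p: [p["src"]],
    "ip.dst":   lambda p: [p["dst"]],
    "tcp.port": lambda p: [p["sport"], p["dport"]] if p["l4"] == "tcp" else [],
    "udp.port": lambda p: [p["sport"], p["dport"]] if p["l4"] == "udp" else [],
}
# A bare protocol name matches every packet carrying that layer (http and tls ride on tcp).
PROTO_STACK = {"tcp": {"tcp"}, "udp": {"udp"}, "dns": {"dns", "udp"},
               "http": {"http", "tcp"}, "tls": {"tls", "tcp"}}

TERM_RE = re.compile(r"^(!?)\s*([a-z.]+)\s*(?:==\s*(\S+))?$")

def match_term(term, packet):
    """Evaluate one term: 'http', 'ip.addr == 192.168.1.5' or a negated '!tcp.port == 443'."""
    m = TERM_RE.match(term.strip())
    if not m:
        raise ValueError(f"unsupported filter term: {term!r}")
    negate, name, operand = m.groups()
    if operand is None:                         # bare protocol name
        result = name in PROTO_STACK.get(packet["proto"], set())
    else:
        values = [str(v) for v in FIELDS[name](packet)]
        result = operand in values              # "any value equals" semantics
    return result != bool(negate)

def apply_filter(expr, packets=PACKETS):
    """Apply a display filter of terms joined by && and return the matching packet numbers."""
    terms = expr.split("&&")
    return [p["no"] for p in packets if all(match_term(t, p) for t in terms)]

if __name__ == "__main__":
    for f in ("http", "dns", "ip.addr == 192.168.1.5", "ip.src == 192.168.1.5", "tcp.port == 443"):
        print(f"{f:28} -> packets {apply_filter(f)}")
```

Compare the output of ip.addr == 192.168.1.5 (five packets, both directions) with ip.src == 192.168.1.5 (three packets, outbound only) to see why the cheat sheet says "to/from".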

💬 Final Thoughts

Wireshark was intimidating at first, but once I started exploring with curiosity, it became a fun, puzzle-like tool. I’m still learning, but each packet tells a story — and I’m here to read them all.


🧠 Wanna Try It?

If you're curious about what happens behind a Google search or a file download, I highly recommend giving Wireshark a go.
And don’t worry — I’ll be sharing more guides and cheat sheets as I learn too!

Until then,
Stay curious. Stay secure. 🛡️
