
How To Use Wireshark To Inspect Network Traffic

[Image: color coding in a Wireshark network packet capture]

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, and software and communications protocol development. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark is a cross-platform tool that runs on Linux, Microsoft Windows, macOS, BSD, Solaris, and other Unix-like operating systems.

How To Install Wireshark In Linux?

To install Wireshark, enter the following command in your terminal (the package name is lowercase) –

sudo apt-get install wireshark

Wireshark will then be installed and available for use. If you run Wireshark as a non-root user (which you should), at this stage you will encounter an error message which says “No interface can be used for capturing in this system with the current configuration”. The following steps will rectify this.

Create a wireshark group –

sudo groupadd wireshark

Add your username to the wireshark group (the new membership takes effect after you log out and back in) –

sudo usermod -a -G wireshark USERNAME

Change the group ownership of the file dumpcap to wireshark –

sudo chgrp wireshark /usr/bin/dumpcap

Change the mode of the file dumpcap to allow execution by the group wireshark (and by no other non-root user) –

sudo chmod 750 /usr/bin/dumpcap

Grant dumpcap the capabilities it needs to open raw sockets, so that Wireshark itself never has to run as root –

sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Verify the change –

sudo getcap /usr/bin/dumpcap
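Once the steps above have been applied, the result can be audited without changing anything. The script below is an added example and not part of the original post; it assumes GNU coreutils `stat`, libcap's `getcap`, the default path /usr/bin/dumpcap, and the helper names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of the dumpcap
# setup produced by the steps above. Checks group ownership, file mode, group
# membership and file capabilities. Assumes GNU stat and libcap's getcap; both
# getcap output styles ("path = caps+eip" and "path caps=eip") are accepted.

# caps_ok LINE: return 0 when a getcap output line grants cap_net_raw and
# cap_net_admin in the effective, inheritable and permitted sets (=eip).
caps_ok() {
    line=$1
    caps=${line#* = }                         # older libcap: "path = caps+eip"
    [ "$caps" = "$line" ] && caps=${line#* }  # newer libcap: "path caps=eip"
    case "$caps" in *cap_net_raw*)   ;; *) return 1 ;; esac
    case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$caps" in *+eip|*=eip) return 0 ;; *) return 1 ;; esac
}

# perms_ok MODE GROUP: return 0 when dumpcap is group-owned by wireshark with
# mode 750, i.e. executable by group members only and carrying no setuid bit.
perms_ok() {
    [ "$1" = 750 ] && [ "$2" = wireshark ]
}

# member_ok GROUPLIST: return 0 when the space-separated group list (as printed
# by `id -nG`) contains wireshark. A freshly added user only sees the new
# group after logging in again, so a FAIL here may just mean "log out first".
member_ok() {
    case " $1 " in *" wireshark "*) return 0 ;; *) return 1 ;; esac
}

# audit_dumpcap [PATH]: run the three checks against the live system, print
# one line per check, and return non-zero if any of them fails.
audit_dumpcap() {
    bin=${1:-/usr/bin/dumpcap}
    rc=0
    set -- $(stat -c '%a %G' "$bin" 2>/dev/null)   # MODE GROUP, empty if absent
    perms_ok "$1" "$2" && echo "ok   mode $1 group $2" \
        || { echo "FAIL mode '$1' group '$2' (want 750 wireshark)"; rc=1; }
    caps_ok "$(getcap "$bin" 2>/dev/null)" && echo "ok   capabilities" \
        || { echo "FAIL capabilities (want cap_net_raw,cap_net_admin=eip)"; rc=1; }
    member_ok "$(id -nG)" && echo "ok   $(id -un) is in group wireshark" \
        || { echo "FAIL $(id -un) is not in group wireshark"; rc=1; }
    return $rc
}

# Report on this machine; the message is informational, the checks above decide.
audit_dumpcap "$@" || echo "dumpcap is not yet ready for non-root capture"
```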

What Wireshark Is Used For?

Wireshark has a wide range of uses. Here are a few examples of what people use Wireshark for:

Features At A Glance

The following are some of the many features Wireshark provides:

How To Use Wireshark To Inspect Network Packets In Linux?

Capturing Packets

After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the wireless network, click your wireless interface. You can configure advanced features by clicking Capture Options.

As soon as you click the interface’s name, you’ll see the packets start to appear in real time. Wireshark captures each packet sent to or from your system. If you’re capturing on a wireless interface and have promiscuous mode enabled in your capture options, you’ll also see the other packets on the network.

Color Coding

You’ll probably see packets highlighted in green, blue, and black. Wireshark uses colors to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems — for example, they could have been delivered out-of-order.

Conclusion

As I mentioned earlier, Wireshark is available on all platforms but none of these other platforms has the feature parity of Linux.

Wireshark is an extremely powerful tool, and this tutorial is just scratching the surface of what you can do with it. Professionals use it to debug network protocol implementations, examine security problems and inspect network protocol internals. Check out the official documentation for more of what you can do with Wireshark.
