Content that refers to the Wireshark packet analysis tool.
I provide this information for reference when examining TLS in Wireshark. The TLS 1.2 protocol ladder (also called the TLS handshake ladder) describes the step-by-step sequence of message exchanges between a client and server as they negotiate a secure, encrypted connection. Think of it as a “ladder” where each side alternates rungs (messages) upward until […]
The TLS 1.2 Protocol Ladder Read More »
Using a loopback adapter (also called a local loopback interface) for packet capture in Wireshark allows you to capture traffic that stays within your own computer — for example, packets exchanged between local applications via localhost or 127.0.0.1. Normally, this traffic never reaches a physical network interface, so a loopback capture is needed to see
What is the Adapter for loopback traffic capture in Wireshark? Read More »
Many technicians and network engineering staff, as well as IT staff, often need to “tap” into the Ethernet to capture and troubleshoot network traffic. A full-duplex tap (also called a network tap) is a hardware device placed inline on an Ethernet link that allows network engineers to capture all traffic traveling in both directions —
Ethernet Taps to Capture Network Traffic Read More »
I am a ChatGPT subscriber to the basic (not PRO) service. I saw the following post on LinkedIn and was fascinated: Think about the implications. You don’t need to know how to use Wireshark other than to do a capture. You certainly don’t need to know how to troubleshoot packet captures as ChatGPT can do
Can ChatGPT 5 analyze PCAP’s? Read More »
Great question. In one sentence it is a purple tool, meaning both! Wireshark itself is a passive tool, it is non-intrusive — it doesn’t create attacks — but it’s a force multiplier for both Red and Blue Teams depending on who controls the capture point and how the data is used. Let me dig a
Is Wireshark a Red Team or Blue Team Tool? Read More »
RFMON stands for Radio Frequency MONitor mode. It is a special mode for wireless network interfaces that allows a device to capture all radio traffic it can receive on a wireless channel, regardless of the intended recipient. All Wi-Fi radios can go into different modes, but that does not mean you can make that happen.
As a frequent reader here will know, my Wi-Fi Analyzer of choice is called WinFi. It has been around many years as is fabulous. In version 2, and the new version 3, you can capture Wi-Fi Beacon Frames and examine them. This post will explain what you can capture and how this is useful. What
Capturing Wi-Fi Beacon Frames with WinFi Read More »
In this tutorial I am going to make you a pro at using and leveraging the Wireshark TCP Graphing tools. As many of you who have taken my Wireshark Courses know, I am a big fan of visualizing what is going on in a given packet capture or conversation. My #2 troubleshooting step is to
Zero to Hero with Wireshark TCP Graphs: A Tutorial Read More »
Below is a great TCP Analysis Flags Cheat Sheet for Wireshark. These are essentially Display Filters. They are all included in our TCP troubleshooting profile you can find here. Analysis Flags/Display filter Trigger Impact/Meaning/Notes tcp.analysis.ack_lost_segment A segment that is not in the trace has been acknowledged Indicates that not all packets have been recorded or a route has been flapped tcp.analysis.duplicate_ack The receiver
Wireshark TCP Analysis Flags Cheat Sheet Read More »
As QUIC has emerged to begin its takeover of the Transport Layer (OK – we will never see TCP totally disappear), I have written multiple articles on QUIC. You can look them over here. In the early days Google made this really easy right within the Chrome web browser. As time has gone on and
Troubleshooting QUIC Traffic – Not Easy Read More »
Let’s start with some simple definitions of these protocols and how they work together. In Voice over IP (VoIP) to PSTN (telephone) network integration, MGCP and C15 can work together as part of a layered signaling architecture that bridges IP-based call control with traditional PSTN switching systems. Here’s how they fit and interact: MGCP (Media
Troubleshooting C15 and MGCP Protocols for VoIP Read More »
Capturing network traffic with VLAN tags on a Windows computer can be tricky due to how network adapters and capture software handle VLAN-tagged frames. By default, Windows often strips VLAN tags before passing packets to capture applications like Wireshark. However, there are ways to configure your setup to properly capture VLAN information. 1. Install the
Capturing Packet Traffic with VLAN Tags on Windows Read More »
So often in Wireshark videos and classes we spend a lot of time on TCP behavior. But what I am about to discuss is hardly ever brought up. The answer to version is simple right? Version 4. OK, kind of right, but overlooking too much. The truth is that there are multiple “versions” of TCP,
Which Version of TCP are you using? Read More »
As most of my readers, students, and clients know, I absolutely love Wireshark. I deeply am infatuated with Wireshark’s Profiles, more properly called configuration profiles. So much so that many years ago now, I set up the first Wireshark Profiles Repository. 100’s of thousands of downloads have resulted, and I hope I have helped the
Automatically Switch Configuration Profiles in Wireshark Read More »
Someone asked the following “getting started” question on the Wireshark Discord site, and it prompted me to write this FAQ to help newcomers to Wireshark understand how to navigate the initial complexity of packet capture. Hi everyone! I’m new here and just downloaded wireshark for a Computer Comm class. I need to capture traffic sent
A Simple Capture and Filter Exercise for Wireshark Read More »