Post by Chinmay Upasani

Staff Network Security Engineer | Networking | Cloud | Cybersecurity | Palo Alto Networks

If you work in Networking or Security, here's a practical Wireshark cheat sheet you can use.

When ping, traceroute, and logs are not enough... packets tell the real story.

Problems Wireshark can help identify:
• TCP retransmissions
• DNS failures
• SSL/TLS handshake failures
• VPN/IPsec tunnel problems
• Packet drops
• Slow applications
• Connectivity issues

A few filters every engineer should know:
- ip.addr == x.x.x.x
  Traffic to/from a specific host
- tcp.port == 80 or tcp.port == 443 or tcp.port == 22
  HTTP / HTTPS / SSH traffic (each side of "or" must be a complete comparison; "tcp.port == 80 or 443 or 22" is not a valid display filter. Shorter equivalent: tcp.port in {80 443 22})
- tcp.analysis.retransmission
  Detect TCP retransmissions instantly
- http.request
  Show only HTTP requests
- tcp.flags.syn == 1
  Identify SYN packets during the TCP handshake (this also matches SYN/ACK; add "and tcp.flags.ack == 0" to see only the client's opening SYN)

Logical operators in Wireshark:
• and → both conditions must match
• or → either condition can match
• not → exclude traffic you don't want to see

Example: tcp.port == 443 and ip.addr == x.x.x.x

The key is to follow the protocol conversation and find out where it breaks. The better you get at reading packets, the faster you get at solving network and security problems.

What are some other Wireshark filters you use regularly during troubleshooting?
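As an added example (not part of the post above), the same filters wired into tshark, Wireshark's command-line twin, so the "follow the conversation and find where it breaks" workflow can be scripted against a saved capture. It assumes tshark is on PATH and that the capture path, an optional tcp.stream number and an optional client/server IP pair are passed as arguments; the field names (tcp.stream, tcp.analysis.retransmission, tcp.flags.str, frame.time_relative) are standard Wireshark fields. The filter-building functions run without a capture and show the corrected "or" syntax and the SYN-only caveat.

```shell
#!/bin/sh
# Added example: tshark-driven triage using the display filters from the post.
# Assumes tshark is installed; usage: ./triage.sh capture.pcap [stream_no] [client_ip server_ip]
set -eu

# "tcp.port == 80 or 443 or 22" is rejected by Wireshark: every operand of
# "or" must be a complete comparison. Set membership is the compact form.
port_filter() {
    printf 'tcp.port in {%s}' "$*"
}

# Traffic between two specific hosts: both addresses must appear in the packet.
conversation_filter() {
    printf 'ip.addr == %s and ip.addr == %s' "$1" "$2"
}

# tcp.flags.syn == 1 also matches the server's SYN/ACK; requiring ack == 0
# isolates the client's opening SYN.
syn_only_filter() {
    printf 'tcp.flags.syn == 1 and tcp.flags.ack == 0'
}

# Opening SYNs between two hosts that were retransmitted: a connect attempt
# nobody answered (host down, port filtered, or a firewall dropping it).
failed_connect_filter() {
    printf '(%s) and (%s) and tcp.analysis.retransmission' \
        "$(conversation_filter "$1" "$2")" "$(syn_only_filter)"
}

# Step 1: which TCP streams carry the most retransmissions?
retrans_by_stream() {
    tshark -r "$1" -Y 'tcp.analysis.retransmission' \
        -T fields -e tcp.stream -e ip.src -e ip.dst -e tcp.dstport |
        sort | uniq -c | sort -rn | head -n 10
}

# Step 2: handshake and teardown of one stream, so you can see where the
# conversation broke (no SYN/ACK, a RST injected by a middlebox, ...).
stream_lifecycle() {
    tshark -r "$1" \
        -Y "tcp.stream == $2 and (tcp.flags.syn == 1 or tcp.flags.fin == 1 or tcp.flags.reset == 1)" \
        -T fields -e frame.time_relative -e ip.src -e ip.dst -e tcp.flags.str
}

# Step 3: connectivity check between two hosts: SYNs that had to be resent.
unanswered_syns() {
    tshark -r "$1" -Y "$(failed_connect_filter "$2" "$3")" \
        -T fields -e frame.time_relative -e ip.src -e tcp.dstport
}

if [ $# -ge 1 ]; then
    command -v tshark >/dev/null || { echo "tshark not found on PATH" >&2; exit 1; }
    echo "== streams with the most retransmissions =="
    retrans_by_stream "$1"
    if [ $# -ge 2 ]; then
        echo "== SYN/FIN/RST timeline of stream $2 =="
        stream_lifecycle "$1" "$2"
    fi
    if [ $# -ge 4 ]; then
        echo "== retransmitted opening SYNs from $3 to $4 =="
        unanswered_syns "$1" "$3" "$4"
    fi
fi
```

The -Y option is tshark's display filter, so anything that works in the Wireshark filter bar works here unchanged; -T fields with -e picks the columns, which is what makes the output pipeable into sort and uniq for quick counts.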
