Lead developer and Wireshark director at CACE Technologies
What does a protocol analyzer like Wireshark do?
It captures network traffic that travels across the network adaptor on the computer running the software and turns the traffic into information that a human can read by categorizing, sorting, filtering, and organizing all of the data into an understandable and easy-to-use format.
In the Wireshark Interface, what is the Packet List?
The list of packets that have been captured by the software from the time it was told to capture until the time it was instructed to stop.
In the Wireshark Interface, what is the Packet Detail?
Packet detail shows the contents of the packet, the protocols that were controlling the packet, and other information related to that specific packet, such as addresses and configuration data.
What privileges do you need to run Wireshark? Why?
Administrator or root; Wireshark accesses the network adaptor directly and essentially creates a copy of every single packet that touches the network adaptor.
What is a Wireshark display filter?
A handy tool that filters out specific types of packets, or only displays certain types of packets for the user.
If you right-click on a packet, what are you presented with?
A menu to perform more tasks or set options with that packet.
Describe the display filter employed when you right-click and select "Follow TCP Stream".
A window showing the conversation between the web browser used when the capture was running and the server the web browser was talking to.
Where can you go to find more information about packet capture with Wireshark?
The Wireshark User's Guide and the Wireshark Wiki.