Wireshark

Wireshark is a robust tool for capturing, inspecting, and analyzing network traffic in real time. It records packets transmitted over a network interface and presents them in an organized and detailed manner, covering activities like HTTP requests, DNS queries, and TCP handshakes.

Key Purposes of Wireshark:

1. Troubleshooting:
   Detects network issues such as delays, packet loss, or configuration errors.

2. Security Analysis:
   Identifies unauthorized access, potential attacks, or suspicious activities.

3. Protocol Understanding:
   Offers insights into the operation and interaction of various network protocols.

Start Capturing Traffic:

• Open Wireshark and select the network interface you want to monitor.

• Click the Start Capturing Packets button.

Stop Capturing:

• Once you've captured enough packets, click the Stop button.

Apply the HTTP Filter:

• In the Display Filter Bar at the top, type the filter expression for HTTP and enter.

After entering the URL of an HTTP file in our browser, we stopped capturing packets and analyzed the sequence of events that occurred during the HTTP communication. 

• Step 1: The client (10.62.0.27) sends an HTTP GET request for a specific file (HTTP-wireshark-file1.html) from the server (128.119.245.12).

• Step 2: The server responds with a 200 OK status, delivering the requested file successfully.

• Step 3: The client requests a favicon (/favicon.ico), which is a typical browser behavior.

• Step 4: The server responds with a 404 Not Found error, indicating the favicon does not exist.