How to Use Wireshark

If you frequently have to diagnose network issues, whether at home or at the office, you should consider tracing each network packet individually. To do so, your best option is to start with Wireshark.

Find out how to use Wireshark and how it can help you diagnose some common network issues.

How to Use Wireshark

To properly use Wireshark, you need to have Npcap installed on your system. Npcap allows Wireshark to monitor packet contents and data in real time. If you don’t have Npcap, Wireshark will only be able to open saved capture files. By default, your Wireshark installation will also install Npcap on your device.

To learn more and get the latest version of Npcap, follow this link.

Once you’ve successfully installed Wireshark, opening it will bring you to its GUI. The main window will contain the most critical information available to you, such as:

  1. The menu on the top row. The menu is used to start all actions on Wireshark.
  2. The main toolbar is below the menu. It contains frequently used actions so you have easy access to them without having to navigate multiple menus to find them.
  3. The filter toolbar lets you enter display filters or choose from existing ones. Filters will make it easier to find the correct packets to trace.
  4. The packet list pane is the primary data source. It contains a list of all packets going through your network. Selecting an item from this list will change what you can see in the following sections.
  5. The packet details pane will provide more information on the selected packet.
  6. The packet bytes pane will list data on a byte-by-byte basis, highlighting the packet you selected for further observation.
  7. Finally, the status bar on the bottom gives you general information on the program’s current status and captured data.

Wireshark can capture live information from your current network. To start capturing, you need to select the interface to capture from. Wireshark lists all the interfaces it detects at startup, so make sure you choose the correct one.

If you want to see all the packets on the network rather than just those addressed to you, make sure Promiscuous mode is checked. The checkbox can be found in the Capture > Options menu on the top bar.

If you want to stop capturing live traffic, press the red button on the toolbar.

Once you have a list of packets at your disposal, Wireshark color-codes them so you can browse them more easily. You can change the options for how the color-coding works in the View > Coloring Rules menu in the top menu bar. Generally speaking, packets that are color-coded black are those that have an error.

You can save the packet list by pressing the Save button (located in the File menu). You can use the saved capture to diagnose the problem at a later date.

If you’re looking for specific packets, filtering is the best way to find them. Typing in the filter bar is a great first choice. For example, typing “dns” will only show you DNS packets. Wireshark will suggest text to autocomplete your input with the most frequent filtering options.

You can also filter by right-clicking on any part of the information in the packet details pane and then selecting the “Apply as Filter” option. This is useful if you want to track packets from the same source.

If you want to learn more about using Wireshark, you can use the User Manual.

How to Use Wireshark to Get the IP

If you want to find out the IP of a host on your network, you can use the details of the DHCP traffic to find the host you’re looking for:

  1. Start Promiscuous Mode on Wireshark.
  2. In the filter toolbar, type in “dhcp” or “bootp,” depending on your Wireshark version.
  3. Select one of the packets that the filter displays. The packet needs to show “DHCP request” in its Info part.
  4. Go to the packet details pane.
  5. Expand the “Bootstrap Protocol” line.
  6. In there, you’ll see the identifier for the device that sent the request.

Most devices will use DHCP to get an IP address as soon as they power up. Make sure you have Wireshark running before the device with an unknown IP/MAC is powered up, so you can capture its DHCP request.
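The fields you read off in the packet details pane can also be pulled out of a DHCP request programmatically, for example when building an inventory of devices on your own network. The following Python sketch is an added example, not part of the original article: it parses the raw BOOTP/DHCP payload and returns the sender's MAC address, host name (option 12), and requested IP address (option 50). The sample packet, including its MAC, host name, and address, is constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK"}

def parse_dhcp(payload: bytes) -> dict:
    """Extract sender details from the UDP payload of a BOOTP/DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    info = {
        "mac": ":".join(f"{b:02x}" for b in payload[28:28 + hlen]),
        "client_ip": socket.inet_ntoa(payload[12:16]),  # 0.0.0.0 until a lease exists
    }
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = End option
        code = payload[i]
        if code == 0:                                   # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:                  # DHCP message type
            info["message_type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 50 and length == 4:                # requested IP address
            info["requested_ip"] = socket.inet_ntoa(value)
        elif code == 12:                                # host name
            info["hostname"] = value.decode("ascii", "replace")
        i += 2 + length
    return info

def build_sample_request() -> bytes:
    """Constructed DHCP Request; the MAC, host name and address are made up."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        bytes.fromhex("020000aabbcc"), b"", b"")
    name = b"living-room-console"
    options = (bytes([53, 1, 3]) + bytes([50, 4]) + socket.inet_aton("192.168.1.50")
               + bytes([12, len(name)]) + name + b"\xff")
    return fixed + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(parse_dhcp(build_sample_request()))
```

A device that has no lease yet reports a client IP of 0.0.0.0, which is why the requested IP option and the MAC address are the useful identifiers at power-up.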

How to Use Wireshark to Get IP Address on a PS4

If you want to get the IP address of your PS4, treat it as a device with no IP at startup:

  1. Prepare a listening device. This can be a PC with Wireshark installed.
  2. Make sure the listening device has Promiscuous Mode enabled on its Wireshark.
  3. Turn your PS4 on.
  4. Look for the DHCP request from your PS4 on the listening device.
  5. The DHCP request should correspond with your PS4.
  6. Look for the information from the sender in the details packet pane.
  7. You will be able to note down your PS4’s name, MAC, and IP address.

If your PS4 is already turned on, or you’re looking for someone else’s IP, try the following:

  1. Have Wireshark open and listening to your network. If you’re using a listening device, make sure Promiscuous Mode is on.
  2. Use an internet hub to connect your listening device and PS4 to the internet, or connect PS4 to the internet via the listening device (for example, by making the listening device into a Wifi host).
  3. Locate your PS4’s IP address.
  4. Join a party with the person for whom you want to find the IP.
  5. Track Wireshark packets for your PS4. The incoming packets will provide their IP address as the sender address.

Unfortunately, most incoming IP addresses are masked by the service provider and protocol, so you won’t be able to get someone else’s precise IP address.

Games that use a peer-to-peer connection will often have all players communicate with one another (in the background), allowing Wireshark to get other players’ IP addresses. Various service providers often thwart this, so don’t get your hopes up. The most you’ll be able to get is an approximate location and the service provider’s name.

How to Use Wireshark to Get IP Address on an XBOX

To get the IP address of your XBOX, you can repeat the same steps as you would for any unknown device:

  1. Get a listening device, such as a PC loaded with Wireshark.
  2. Make sure the listening device’s Wireshark has Promiscuous Mode enabled.
  3. Turn your XBOX on.
  4. Look for the DHCP request from your XBOX on the listening device.
  5. The DHCP request should correspond with your XBOX.
  6. Look for the information from the sender in the details packet pane.
  7. You will be able to note down your XBOX’s name, MAC, and IP address.

If you’re looking for someone else’s IP, try the following:

  1. Have Wireshark open and listening to your network. If you’re using a listening device, make sure Promiscuous Mode is on.
  2. Use an internet hub to connect your listening device and XBOX to the internet, or connect your XBOX to the internet via the listening device (for example, by making the listening device into a Wifi host).
  3. Locate your XBOX’s IP address.
  4. Join a party with the person for whom you want to find the IP.
  5. Track Wireshark packets for your XBOX. The incoming packets will provide their IP address as the sender address.

This method should work for peer-to-peer networks and games, or if all of you are using a local network. Various service providers should be actively thwarting this, however.

Usually, the most information you can get is other people’s service providers and their general location (within a few hundred miles).

How to Use Wireshark on Discord

While Wireshark can help you with connectivity issues on your Discord, you can’t use it to get other people’s IP addresses. Discord uses an IP resolver to mask incoming IP addresses, so you can’t pinpoint them to users.

How to Use Wireshark on Omegle

The simple answer is that you can’t really get someone’s IP address from Omegle. If you use Wireshark to listen to any packets coming from other users, all you will get is their approximate location if you run the IP through a thorough location-based search.

Due to how service providers mask data, it’s impractical, not to mention illegal, to try and find out someone’s exact IP.

How to Use Wireshark to Capture Network Traffic

As previously noted, if you want to capture network traffic for every device on your network, you need to make sure you have enabled Promiscuous Mode on the listening device.

How to Use Wireshark on Windows

If you want to install Wireshark on your Windows machine, look for the appropriate version to download. Make sure you have selected the Windows version of the download file. From there on, follow the prompts of the installer to install and start Wireshark on your device. Once done, you can easily start diagnosing your connections.

How to Use Wireshark on Mac

To download Wireshark for a Mac device, follow this link. Once downloaded, install Wireshark by following the prompts. Once done, you can start Wireshark and fix your connection issues.

Wade Through the Internet Waters with Wireshark

You can use Wireshark to find your IP address or locate any problems with your internet connection. Sometimes having your problems diagnosed is the hardest part. With Wireshark, tracing your network is simple and easy.

Do you use Wireshark for your work? Have you had any success with it? Let us know in the comment section below.