- Install Wireshark on your Linux sandbox machine by running the command “sudo apt-get install wireshark”
- Start Wireshark by running the command “wireshark” in the terminal
- In the Wireshark interface, select the network interface you want to capture packets on (e.g. “eth0”)
- Start capturing packets by clicking on the “Start” button or by pressing “Ctrl+E”
- After capturing the packets, you can stop the capture by clicking on the “Stop” button or by pressing “Ctrl+E”
- Analyze the captured packets by using the various filters and analysis tools available in Wireshark (e.g. “http” filter to view only HTTP packets)
- To save the captured packets, go to “File” > “Save As” and select a file format and location to save the capture file.
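As an added example (not part of the original guide), the Python script below reads a capture saved in the last step and lists cleartext HTTP requests, approximating what the “http” display filter shows for requests. It assumes the file was saved in the classic pcap format (not pcapng) from an Ethernet interface; the function names and the sample capture are constructed for illustration.

```python
import struct

def build_sample_pcap():
    """Constructed sample: a classic pcap holding one UDP packet and one HTTP GET."""
    def frame(proto, l4):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
        return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 1024, 0, 0)
    udp = struct.pack("!HHHH", 40001, 53, 12, 0) + b"\x00" * 4
    get = b"GET /index.html HTTP/1.1\r\nHost: sandbox.test\r\n\r\n"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate([frame(17, udp), frame(6, tcp + get)]):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")

def read_pcap(data):
    """Yield (timestamp, frame_bytes) for each record in a classic pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    pos = 24  # records start after the 24-byte global header
    while pos + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        yield ts, data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen

def http_requests(data):
    """Return (src_ip, dst_ip, dst_port, request_line) for cleartext HTTP requests."""
    found = []
    for _, f in read_pcap(data):
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:  # IPv4 over TCP only
            continue
        tcp = f[14 + (f[14] & 0x0F) * 4:]  # skip Ethernet + variable-length IP header
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]  # skip TCP header using its data offset
        if payload.startswith(HTTP_METHODS):  # no TCP reassembly: first segment only
            line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
            src, dst = (".".join(map(str, f[o:o + 4])) for o in (26, 30))
            found.append((src, dst, struct.unpack("!H", tcp[2:4])[0], line))
    return found

if __name__ == "__main__":
    print(http_requests(build_sample_pcap()))
```

To run it on a real capture, pass the bytes of the saved file to `http_requests` in place of the constructed sample.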