Wireshark : Java Glossary


Wireshark logo  Wireshark

A free TCP/IP (Transmission Control Protocol/Internet Protocol) protocol sniffer formerly known as Ethereal. The current version is 2.2.1 Last revised/verified: 2016-10-04. It has support for hundreds of protocols that piggyback on TCP/IP, formatting the messages it captures. By default it captures all traffic going through your Ethernet card, not just TCP/IP. Its main limitation is it cannot monitor purely local traffic. It must be going to some other machine.

Even though it can do 1000 things I could never imagine doing, it cannot decode GZipped pages, something I would think should be a fundamental feature. I Googled Wireshark Gzip and discovered the Wireshark people believe that is too difficult to do and recommend a number of third party packages. Imagine me spitting out a glassful of lemonade in a spray in disbelief. Granted, Gzip cannot be decoded an isolated packet at a time, but it can a TCP/IP stream at a time.

Unfortunately, the user interface has been improved so the program is no longer even remotely intuitive to use.

Because of the way https/ssl is implemented, WireShark cannot help you monitor such connections. Unfortunately Google has convinced business after business to switch to SSL (Secure Sockets Layer).
The current version of WireShark is very buggy and crashes very frequently. I am open to a replacement.

Using a simple capture filter [capture ⇒ capture filters] of tcp port 80 will show you just the HTTP (Hypertext Transfer Protocol) stuff. A capture filter determine what raw data to capture. You later can apply any of a number of display filters, e.g. http.request.method == GET to further reduce the amount of material to look at. When you find what you want, right click and tell it to decode and follow the TCP/IP stream. The dialog where you specify the capture filter is artfully hidden. Click Capture ⇒ Options. Double click the interface of interest. Fill in the capture filter box.

Wireshark is an eavesdropper on the link between a program in your machine and one in a server somewhere on the net. It is not privy to the private keys used in encryption. This means it can tell you almost nothing when it snoops on SSL conversations. Other than the initial DNS (Domain Name Service) lookup, everything with https: is encrypted, including the URL (Uniform Resource Locator) you are requesting.

HTTPS (Hypertext Transfer Protocol over SSL (Secure Socket Layer))

Wireshark cannot snoop on https: conversations. Only the end user application has the decoding key. Further it does not display gzipped messages in clear text. It could; it does not need a key, but for some reason they refuse to implement it. For sniffing on https: conversations between browser an server, use the HttpFox add-in.


If you get a message The NPF driver isn’t running or if there are no connections displayed to select from, open a command prompt with run as admistrator. Type sc start npf to start the NPF service then restart Wireshark. You can also try reinstalling WinPcap.

To access the Wireshark website you need three different login ids and three different passwords, depending on which part of the website you are accessing.

To start Wireshark capturing requires you to fill in three fields:

  1. Select the fourth line from the top, and click Ctrl-. Type a filter such as http.request.method == "GET". If you select a preset, engage it by clicking the blue arrow on the right. This field is separated from the rest, so it is easy to overlook.
  2. Select a capture filter, e.g. tcp port http
  3. Select your connections(s) with Ctrl-Click.
  4. Then click the shark fin icon on the third line at the left.

Wireshark Cheat Sheet

The following cheat sheet is implemented as a dummy HTML (Hypertext Markup Language) form to allow you to adjust the values for your particular situation and the print it out on an index card. With it, you will find Wireshark easier to use. If you don’t get satisfactory printed results with print selected in your browser, try a different browser, or use FastStone capture.

Wireshark Cheat Sheet
My computer’s IP (Internet Protocol)
My router’s internal IP
My face IP
My gateway IP
My primary DNS IP
My secondary DNS IP
website IP
website IP
website IP
website IP
HTTP capture filter tcp port http
GET display filter http.request.method == GET
POST display filter http.request.method == POST
FTP (File Transfer Protocol) capture filter tcp
FTP display filter ftp

If you know how to make browsers print just a form, not the whole document, please let me know.


book cover recommend book⇒Wireshark 101: Essential Skills for Network Analysisto book home
by Laura Chappell 978-1-893939-72-1 paperback
publisher Laura Chappell University B00BF50LD0 kindle
published 2013-02-01
Contains step-by-step recipes to use Wireshark.
Australian flag abe books anz abe books.co.uk UK flag
German flag abe books.de amazon.co.uk UK flag
German flag amazon.de abe books.ca Canadian flag
Spanish flag amazon.es amazon.ca Canadian flag
Spanish flag iberlibro.com Chapters Indigo Canadian flag
French flag abe books.fr abe books.com American flag
French flag amazon.fr amazon.com American flag
Italian flag abe books.it Barnes & Noble American flag
Italian flag amazon.it Nook at Barnes & Noble American flag
India flag junglee.com Kobo American flag
UN flag other stores Google play American flag
O’Reilly Safari American flag
Powells American flag
Greyed out stores probably do not have the item in stock. Try looking for it with a bookfinder.

This page is posted
on the web at:


Optional Replicator mirror
of mindprod.com
on local hard disk J:

Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.

Your face IP:[]
You are visitor number