Documentation

This guide will walk you through the complete process of capturing network packets with Wireshark and analyzing them using our service. Follow these steps to get started with network packet analysis.

#1

Step 1: Download Wireshark

Download and install Wireshark on your system

Wireshark is a free and open-source packet analyzer. To get started:

  1. Visit the official Wireshark website: https://www.wireshark.org/download.html
  2. Select the appropriate version for your operating system (Windows, macOS, or Linux)
  3. Download the installer package
  4. Run the installer and follow the installation wizard
  5. During installation, you may be prompted to install Npcap (Windows) or WinPcap - this is required for packet capture
  6. Complete the installation and restart your computer if prompted

Note: On Linux, you may need to install Wireshark via your package manager. On macOS, you can also use Homebrew: brew install wireshark

#2

Step 2: Configure Wireshark

Set up Wireshark for packet capture

Before capturing packets, you need to configure Wireshark:

  1. Launch Wireshark (you may need administrator/root privileges)
  2. Go to Edit → Preferences (or Wireshark → Preferences on macOS)
  3. In the preferences, you can configure:
    • Default capture interface
    • Display filters
    • Protocol preferences
  4. For most users, the default settings are sufficient
  5. Close the preferences window

Important: On Windows, you may need to run Wireshark as Administrator to capture packets. On Linux, you may need to add your user to the wireshark group.

#3

Step 3: Capture Network Traffic

Start a packet capture session

To capture network packets:

  1. In Wireshark, you'll see a list of available network interfaces
  2. Select the interface you want to monitor (usually your active network adapter):
    • Ethernet: Wired network connection
    • Wi-Fi: Wireless network connection
    • Loopback: Localhost traffic (127.0.0.1)
  3. Double-click on the interface to start capturing, or click the blue shark fin icon
  4. Wireshark will now capture all network traffic on the selected interface
  5. You'll see packets appearing in real-time in the packet list
  6. To stop capturing, click the red square "Stop" button

Tip: You can use display filters (e.g., "tcp.port == 80") to focus on specific traffic while capturing, or filter the captured packets afterward.

#4

Step 4: Save the Capture File

Export your captured packets to a PCAP or PCAPNG file

After capturing packets, save them to a file:

  1. Stop the capture if it's still running
  2. Go to File → Save As (or press Ctrl+S)
  3. Choose a location to save the file
  4. Enter a filename (e.g., "network_capture.pcap" - PCAP recommended)
  5. Select the file format:
    • .pcap (recommended): Best compatibility and accurate analysis results
    • .pcapng: Modern format, but analysis may be limited or inaccurate
  6. Click Save
  7. Your capture file is now ready for analysis

Note: Large capture files can be several GB in size. Make sure you have sufficient disk space. You can also use Wireshark's ring buffer feature to limit file size during capture.

#5

Step 5: Upload and Analyze

Upload your capture file to our analyzer

Now you can analyze your capture file using our service:

  1. Navigate to the Analyze File page
  2. Click the upload area or drag and drop your .pcap or .pcapng file

    Format Recommendation: .pcap is recommended for best results..pcapng files are supported but may have limited playback accuracy and results may be inaccurate.

  3. Wait for the file to upload (maximum file size: 4.5 MB due to Vercel platform limitations)
  4. The analysis will process automatically:
    • Packet parsing and extraction
    • IP intelligence lookup
    • Suspicious traffic detection
    • Statistical analysis
  5. Review the results in the dashboard:
    • Overview: Statistics, charts, and traffic patterns
    • Filters: Filter packets by protocol, IP, port, etc.
    • Suspicious Traffic: Detected anomalies and potential threats

Security: Your file is processed entirely in memory and is never stored on our servers. All data is automatically deleted after analysis.

Additional Resources

Wireshark Official Documentation:

Best Practices:

  • Only capture traffic on networks you own or have permission to monitor
  • Use display filters to reduce noise and focus on relevant traffic
  • Limit capture duration or packet count for large networks
  • Review captured files before uploading to ensure they don't contain sensitive data