Sniffing Packets with Wireshark

This guide will lead you through the steps of packet capturing with Wireshark.
It is necessary to know which interface card on your computer is being used for traffic. If you do not know which one is being used, open your console and enter:


Next, open Wireshark.

sudo wireshark

Make sure you sniff on the active interface card.

If you are done sniffing, stop Wireshark by pressing ctrl E.

It is possible to follow a specific session. In case you have recorded a quite large pcap and you would for example like to see a specific visit to a website, you can do so by setting the filter on the top left of Wireshark to


followed by pressing enter

See example:

Find the packet you are looking for by scrolling through the information.
Right-click on that packet and choose
follow tcp stream
A window with detailed information about that packet pops up.
Close the window and you will see only information about that specific session. You can save this information by going to the file-menu and choose
save as...


and save the file.

See example: