Wireshark: The Basics | Tryhackme Walkthrough

Learn the basics of Wireshark and how to analyse protocols and PCAPs.

Introduction

Wireshark is an open-source, cross-platform network packet analyser tool capable of sniffing and investigating live traffic and inspecting packet captures (PCAP). It is commonly used as one of the best packet analysis tools. In this room, we will look at the basics of Wireshark and use it to perform fundamental packet analysis.

Note: A VM is attached to this room. You don’t need SSH or RDP; the room provides a “Split View” feature. We suggest completing the Network Fundamentals module before starting working in this room.

There are two capture files given in the VM. You can use the “http1.pcapng” file to simulate the actions shown in the screenshots. Please note that you need to use the “Exercise.pcapng” file to answer the questions.

Ques 1: Which file is used to simulate the screenshots?
Ans 1: http1.pcapng

Ques 2: Which file is used to answer the questions?
Ans 2: Exercise.pcapng

Tool Overview

Use Cases

Wireshark is one of the most potent traffic analyser tools available in the wild. There are multiple purposes for its use: