Wireshark Tutorial for Beginners (2026)
June 8, 2001 · by Pentevo
Wireshark is the world's most popular network protocol analyzer. It captures the traffic flowing across a network and lets you inspect it packet by packet — invaluable for troubleshooting, learning how protocols work, and security analysis.
⚠️ Only capture traffic on networks you own or are authorized to monitor. Capturing other people's traffic can be illegal.
What Wireshark shows you
Every conversation between computers is made of packets. Wireshark decodes them so you can see the source, destination, protocol, and contents of each one — DNS lookups, HTTP requests, TCP handshakes, and more.
Step 1 — Capture
- Open Wireshark and pick a network interface (your Wi-Fi or Ethernet adapter).
- Click the blue shark-fin to start capturing.
- Generate some traffic (load a website), then stop.
You'll see a live list of packets scrolling by.
Step 2 — The three panes
- Packet list (top) — one row per packet.
- Packet details (middle) — the selected packet broken down by protocol layer.
- Packet bytes (bottom) — the raw hex/ASCII.
Click any packet and expand the layers (Ethernet → IP → TCP → application) to see how data is wrapped.
Step 3 — Display filters (the superpower)
Raw captures are overwhelming. Display filters cut to what matters:
http # only HTTP traffic
dns # only DNS
ip.addr == 10.0.0.5 # to/from a specific host
tcp.port == 443 # HTTPS
http.request.method == "POST"
Combine them with and / or. This is 90% of practical Wireshark.
Step 4 — Follow a stream
Right-click a packet → Follow → TCP Stream to reassemble an entire conversation into readable form. Brilliant for seeing a full HTTP request/response.
Why it matters for security
Wireshark teaches you what "normal" looks like — so abnormal stands out. You'll see a DNS query, a TLS handshake, or unencrypted credentials crossing the wire. That intuition is foundational for both attackers and defenders.
Where it fits
Wireshark pairs naturally with Nmap (map the network, then watch its traffic). To learn packet analysis as part of a full curriculum, start free at the Pentevo Academy.
Related reading
Best Penetration Testing Tools in 2026
The essential penetration testing tools every ethical hacker should know — scanners, proxies, exploitation frameworks and more, with what each is best for.
ToolsBest Vulnerability Scanners in 2026
A practical comparison of the best vulnerability scanners — what they do, free vs commercial options, and how scanning fits into real security.
ToolsMetasploit Tutorial for Beginners (2026)
Understand the Metasploit Framework — what it is, its core concepts (modules, payloads, sessions), and how to use it for authorized learning.
ToolsKali Linux for Beginners: Getting Started in 2026
What Kali Linux is, who it's for, how to install it safely, and the essential commands and tools to begin your ethical-hacking journey.
Practice this hands-on
Pentevo Academy turns these concepts into guided lessons, videos and quizzes — free.
Start learning free