Wireshark : Java Glossary

Wireshark

A free TCP/IP (Transmission Control Protocol/Internet Protocol) protocol sniffer, formerly known as Ethereal. The current version is 1.6.5 (last revised/verified: 2012-01-10). It has dissectors for hundreds of protocols that piggyback on TCP/IP and formats the messages it captures accordingly. By default it captures all traffic going through your Ethernet card, not just TCP/IP. Its main limitation is that it cannot monitor purely local traffic; the traffic must be going to some other machine.

Even though it can do 1000 things I could never imagine doing, it cannot decode GZipped pages, something I would think should be a fundamental feature. I Googled Wireshark Gzip and discovered the Wireshark people believe that is too difficult to do, and recommend a number of third party packages. Imagine me spitting out a glassful of lemonade in a spray in disbelief. Granted, Gzip cannot be decoded one isolated packet at a time, but it can be decoded one reassembled TCP/IP stream at a time.

Using a simple capture filter of tcp port 80 will show you just the HTTP (Hypertext Transfer Protocol) stuff. A capture filter determines what raw data to capture. You can later apply any of a number of display filters, e.g. http.request.method == "GET", to further reduce the amount of material to look at. When you find what you want, right-click the packet and tell Wireshark to decode and follow the TCP/IP stream (Follow TCP Stream).
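The two points above, that a gzipped page only decodes once the whole TCP stream is reassembled, and that a capture filter works on raw packet headers while a display filter works on decoded fields, are illustrated by the following added example. It is constructed for this page and is not code from the page's author or from the Wireshark project; the packets, the HTTP response and the helper names (segment, decode_isolated_packet, follow_stream, capture_filter, display_filter) are all assumptions made for the illustration.

```python
import gzip
import zlib

# Constructed sample page, bulky enough that its gzipped body spans several
# segments (this is not a real capture).
PAGE = (b"<html><body>"
        + b"".join(b"<p>item %d</p>" % i for i in range(200))
        + b"</body></html>")
BODY = gzip.compress(PAGE, mtime=0)
RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Encoding: gzip\r\n"
    + b"Content-Length: %d\r\n" % len(BODY)
    + b"\r\n"
    + BODY
)

# Constructed packets as (source port, destination port, payload).
# The port 443 payload stands in for opaque TLS bytes.
PACKETS = [
    (51000, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (51001, 443, b"\x16\x03\x01\x00\x05hello"),
    (51002, 80, b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 0\r\n\r\n"),
    (51003, 53, b"dns query"),
    (51004, 80, b"GET /logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]


def segment(payload, size):
    """Split a byte string into fixed-size pieces, standing in for the TCP
    segments Wireshark sees one packet at a time."""
    return [payload[i:i + size] for i in range(0, len(payload), size)]


def decode_isolated_packet(seg):
    """Try to gunzip one packet's payload on its own. Returns None when it
    cannot be done, which is the case for every segment: the first carries
    HTTP headers, the rest are truncated pieces of one gzip member."""
    try:
        return gzip.decompress(seg)
    except (OSError, EOFError, zlib.error):
        return None


def follow_stream(segments):
    """Reassemble the segments in order (what "Follow TCP Stream" does),
    split the HTTP headers from the body, and gunzip the body if the server
    declared Content-Encoding: gzip. Returns (status line, headers, body)."""
    stream = b"".join(segments)
    head, _, body = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if headers.get(b"content-encoding") == b"gzip":
        body = gzip.decompress(body)
    return lines[0], headers, body


def capture_filter(packets, port=80):
    """Stand-in for the capture filter "tcp port 80": keeps packets with
    that port on either side, looking only at the transport header."""
    return [p for p in packets if port in (p[0], p[1])]


def display_filter(packets, method):
    """Stand-in for the display filter http.request.method == "<method>":
    looks at a decoded field, the method in the HTTP request line."""
    wanted = method.encode()
    return [p for p in packets if p[2].split(b" ", 1)[0] == wanted]


if __name__ == "__main__":
    segs = segment(RESPONSE, 100)
    decodable = sum(decode_isolated_packet(s) is not None for s in segs)
    print(f"{len(segs)} segments, {decodable} decodable in isolation")
    status, headers, page = follow_stream(segs)
    print(status.decode(), headers[b"content-encoding"].decode(),
          len(page), "bytes after gunzip")
    for p in display_filter(capture_filter(PACKETS), "GET"):
        print(p[2].split(b"\r\n")[0].decode())
```

Run as a script it reports that none of the segments decode on their own, then the full page length after the stream is reassembled and gunzipped, then the two GET request lines that survive both filters. The capture filter is applied first and discards the TLS and DNS packets without decoding anything; the display filter then needs the HTTP request line parsed, which is exactly why display filters can refer to protocol fields and capture filters cannot.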

Wireshark is an eavesdropper on the link between a program in your machine and one in a server somewhere on the net. It is not privy to the private keys used in encryption. This means it can tell you almost nothing when it snoops on SSL (Secure Sockets Layer) conversations. Other than the initial DNS (Domain Name Service) lookup, everything with https: is encrypted, including the URL (Uniform Resource Locator) you are requesting.

Wireshark Cheat Sheet

The following cheat sheet is implemented as a dummy HTML (Hypertext Markup Language) form to allow you to adjust the values for your particular situation and then print it out on an index card. With it, you will find Wireshark easier to use. If you don’t get satisfactory printed results with Print Selection in your browser, try a different browser, or use FastStone Capture.

Wireshark Cheat Sheet
My computer’s IP (Internet Protocol):        ______________
My router’s internal IP:                     ______________
My face IP:                                  ______________
My gateway IP:                               ______________
My primary DNS IP:                           ______________
My secondary DNS IP:                         ______________
website IP:                                  ______________
website IP:                                  ______________
website IP:                                  ______________
website IP:                                  ______________
HTTP capture filter:                         tcp port 80
GET display filter:                          http.request.method == "GET"
POST display filter:                         http.request.method == "POST"
FTP (File Transfer Protocol) capture filter: tcp
FTP display filter:                          ftp

If you know how to make browsers print just a form, not the whole document, please let me know.


Source: http://mindprod.com/jgloss/wireshark.html (Java Glossary, Roedy Green, mindprod.com).