☁️
Cloudflare Guides
  • WAF (Web Application Firewall)
    • Guides
      • Log Guide
        • Page 6
        • Page 1
        • Page 2
        • Page 4
      • Block Guide
        • Block a Browser
        • Block a Country
        • Block a Continent
        • Block by IP Address
      • Managed Challenges Guide
        • Managed Challenge IP Range
        • Managed Challenge Browser
        • Managed Challenge Continent
        • Managed Challenge Country
      • Legacy Captcha Guide
        • Legacy CAPTCHA IP Address
        • Legacy CAPTCHA for Country
        • Legacy CAPTCHA by Browser
        • Legacy CAPTCHA Continent
      • Rate Limiting Guide
      • Bots Guide
  • DNS Guide
  • Speed Optimization
  • Fundamentals
  • Network Linux Commands
  • WireShark
  • SSL/TLS
  • DNS Query
Powered by GitBook
On this page

WireShark

Wireshark is a surgical tool used to analyze ingress and egress traffic in a network.

Filters

It is important to learn how to use filters in Wireshark because there are thousands upon thousands of packets to go through; Narrowing down what you're looking for is a good way to not view too much information.

You can filter by: protocol, Date and Time, text strings, Boolean, etc.

Filters can also use Operators:

examples-

&& logical AND

|| Logical OR

Here are some useful filters:

Packetloss

  • tcp.analysis.lost_segment – Indicates we’ve seen a gap in sequence numbers in the capture. Packet loss can lead to duplicate ACKs, which leads to retransmissions.

  • tcp.analysis.retransmission – Displays all retransmissions in the capture. A few retransmissions are OK, excessive retransmissions are bad. This usually shows up as slow application performance and/or packet loss to the user.\

View SNI (SSL/TLS):

tls.handshake.extensions_server_name

PreviousNetwork Linux CommandsNextSSL/TLS

Last updated 2 years ago