Wireshark

Wireshark is a packet analyzer: it captures ingress and egress traffic on a network interface (or reads a saved capture file) and dissects each packet so that individual frames, protocol fields and whole conversations can be inspected.

Filters

It is important to learn how to use filters in Wireshark: a capture can contain thousands upon thousands of packets, and narrowing down what you are looking for keeps the view manageable. Note that Wireshark has two kinds of filters: capture filters (BPF syntax, applied while capturing, so packets that do not match are never recorded) and display filters (applied to the packets already in the capture). The filters on this page are display filters.

You can filter by protocol, date and time, text strings, Boolean expressions, and so on.

Filters can also combine expressions with operators, for example:

&& logical AND

|| logical OR

! logical NOT (for example !arp hides ARP traffic)

== compare a field to a value (for example ip.addr == 10.0.0.5)

Here are some useful filters:

Packet loss

  • tcp.analysis.lost_segment – Indicates a gap in sequence numbers: a segment arrived that starts beyond the next byte Wireshark expected on that connection. Either the network dropped a segment (the receiver then sends duplicate ACKs, which trigger a retransmission) or the capture point itself missed packets, which is why Wireshark labels it "Previous segment not captured". Check the capture interface's drop counter before blaming the network.

  • tcp.analysis.retransmission – Displays all retransmissions in the capture. A few retransmissions are normal; excessive retransmissions indicate loss on the path or an overloaded receiver, and show up to the user as slow application performance.
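To see what the two filters above actually flag, here is a toy reimplementation of the sequence-number bookkeeping behind tcp.analysis.lost_segment and tcp.analysis.retransmission, plus the duplicate-ACK check Wireshark exposes as tcp.analysis.duplicate_ack. This is an added example, not Wireshark's own code: the Segment records and the SAMPLE flow are constructed by hand, and the flag names are simplified (Wireshark further splits retransmissions into fast, spurious and out-of-order variants, which this toy lumps together).

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One TCP segment as Wireshark would see it (constructed, not captured)."""
    src: str      # sender "ip:port"
    dst: str      # receiver "ip:port"
    seq: int      # relative sequence number of the first payload byte
    ack: int      # acknowledgement number
    length: int   # payload bytes (0 for a pure ACK)


def analyze(segments):
    """Return one analysis flag per segment, in capture order.

    lost_segment   -> data segment starts beyond the next byte expected (gap)
    duplicate_ack  -> pure ACK repeating the previous ACK number on that flow
    retransmission -> data segment starts inside bytes already seen
    ok             -> nothing noteworthy
    """
    next_expected = {}   # (src, dst) -> next sequence number expected from src
    last_ack = {}        # (src, dst) -> last ACK number src sent on that flow
    flags = []
    for s in segments:
        flow = (s.src, s.dst)
        expected = next_expected.get(flow)
        if s.length == 0:
            # Only pure ACKs count as duplicate ACKs, as in Wireshark.
            flag = "duplicate_ack" if last_ack.get(flow) == s.ack else "ok"
        elif expected is not None and s.seq < expected:
            flag = "retransmission"
        elif expected is not None and s.seq > expected:
            flag = "lost_segment"
        else:
            flag = "ok"
        flags.append(flag)
        last_ack[flow] = s.ack
        end = s.seq + s.length
        if s.length and (expected is None or end > expected):
            next_expected[flow] = end   # never move the expectation backwards
    return flags


def matching(segments, wanted):
    """Mimic a display filter such as
    'tcp.analysis.lost_segment || tcp.analysis.retransmission':
    return the 1-based frame numbers whose flag is in `wanted`."""
    return [i for i, f in enumerate(analyze(segments), start=1) if f in wanted]


def summary(segments):
    """Count of each flag, handy for a quick health check of a capture."""
    return dict(Counter(analyze(segments)))


# Constructed flow: client A sends 100-byte segments to server B; the segment
# carrying bytes 201-300 is missing from the capture, B sends duplicate ACKs for
# 201, and A eventually re-sends bytes 201-300.
A, B = "10.0.0.1:40000", "10.0.0.2:443"
SAMPLE = [
    Segment(A, B, seq=1,   ack=1,   length=100),   # frame 1: ok
    Segment(A, B, seq=101, ack=1,   length=100),   # frame 2: ok
    Segment(B, A, seq=1,   ack=201, length=0),     # frame 3: ok (first ACK of 201)
    Segment(A, B, seq=301, ack=1,   length=100),   # frame 4: lost_segment (201-300 missing)
    Segment(B, A, seq=1,   ack=201, length=0),     # frame 5: duplicate_ack
    Segment(B, A, seq=1,   ack=201, length=0),     # frame 6: duplicate_ack
    Segment(A, B, seq=201, ack=1,   length=100),   # frame 7: retransmission
    Segment(B, A, seq=1,   ack=401, length=0),     # frame 8: ok (gap filled)
]

if __name__ == "__main__":
    for n, (s, f) in enumerate(zip(SAMPLE, analyze(SAMPLE)), start=1):
        print(f"frame {n}: {s.src} -> {s.dst} seq={s.seq} len={s.length} {f}")
    print(summary(SAMPLE))
```

Running it on the constructed flow shows frame 4 flagged as lost_segment and frame 7 as retransmission, which is exactly what the two display filters above would select; the duplicate ACKs in frames 5 and 6 are the receiver's reaction to the gap.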

View the Server Name Indication (SNI) sent in TLS ClientHello messages:

tls.handshake.extensions_server_name

To match one host, compare the field: tls.handshake.extensions_server_name == "example.com". Wireshark releases before 3.0 used the ssl prefix (ssl.handshake.extensions_server_name) for the same field. SNI is sent in cleartext in both TLS 1.2 and TLS 1.3, so this works on encrypted sessions too, unless the client uses Encrypted Client Hello.
