Packet Capture
Packet capture lets you see exactly what is happening on a network, packet by packet. This skill is essential for CCST exams, network troubleshooting, and real IT/help-desk roles.
The most widely used packet capture tool is Wireshark.
What Is Packet Capture?
- Capturing network packets
- Inspecting headers and payloads
- Analyzing traffic behavior
Packet capture = X-ray of the network
1. Wireshark Usage
What Is Wireshark?
Wireshark is a packet analyzer that captures live network traffic and displays packets in a human-readable format.
- Free
- Open-source
- Industry standard
Wireshark Interface (Exam Important)
- Packet List Pane (Top): All captured packets (time, source, destination, protocol)
- Packet Details Pane (Middle): Protocol layers (Ethernet, IP, TCP/UDP, HTTP/DNS)
- Packet Bytes Pane (Bottom): Raw data (Hex + ASCII)
Protocol layers are shown in the Packet Details Pane
How to Capture Packets (Step-by-Step)
- Select network interface (Ethernet / Wi-Fi)
- Click Start (blue shark fin)
- Generate traffic (open website, ping)
- Click Stop (red square)
π Filters in Wireshark
| Filter | Purpose |
|---|---|
| ip | All IP packets |
| tcp | TCP traffic |
| udp | UDP traffic |
| http | HTTP packets |
| dns | DNS queries |
Display filters reduce noise by hiding non-matching packets from view; they do NOT stop the capture, so every packet is still recorded
Real-World Example: Website Not Loading
- Start Wireshark
- Apply filter: dns
- Open website
- No DNS response → DNS issue
- DNS OK but no HTTP → Web server issue
2. Saving & Opening .pcap Files
What Is a .pcap File?
A .pcap file stores captured packets so they can be analyzed later or shared.
Think of a .pcap file as a recorded video of network traffic.
How to Save a Capture File
- Stop capture
- File → Save As
- Choose location
- Select .pcap or .pcapng
- Click Save
Example file: dns_issue.pcap
How to Open a .pcap File
- Method 1: Wireshark → File → Open
- Method 2: Double-click the .pcap file
.pcap files can be analyzed without a live network
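To tie the two sections together (the display-filter table with the "website not loading" walk-through, and the .pcap file format), here is an added example that is not part of these notes or of Wireshark itself. It builds a few packets in code (no live capture; the client, resolver and web server addresses are constructed from the TEST-NET-1 range and the hostname is example.com), writes them to a classic .pcap file with the 24-byte global header and 16-byte per-packet record headers that Wireshark reads, opens the file again, applies filters with the same layering semantics as Wireshark's ip/udp/tcp/dns/http (so "udp" also matches DNS and "tcp" also matches HTTP), and then runs the DNS-vs-web-server diagnosis from the notes over the saved capture.

```python
"""Constructed example: write a .pcap, read it back, filter it, diagnose it.
All packets are built here (no real traffic). IP checksums are computed;
TCP/UDP checksums are left at zero, which Wireshark only flags if checksum
validation is enabled."""
import os
import socket
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1
# Constructed addresses from the TEST-NET-1 documentation range (RFC 5737)
CLIENT, RESOLVER, WEB = "192.0.2.10", "192.0.2.53", "192.0.2.80"


def ip_checksum(hdr: bytes) -> int:
    """One's-complement sum over a 20-byte IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src, dst, proto, sport, dport, payload):
    """Ethernet + IPv4 + (UDP|TCP) + payload: the layers the Packet Details pane shows."""
    eth = bytes.fromhex("aaaaaaaaaaaa") + bytes.fromhex("bbbbbbbbbbbb") + struct.pack("!H", 0x0800)
    if proto == 17:   # UDP header: src port, dst port, length, checksum (0)
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:             # TCP header: ports, seq, ack, data offset 5 words, PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in the checksum
    return eth + ip + l4


# Constructed DNS query/response for example.com and an HTTP GET
QNAME = b"\x07example\x03com\x00"
DNS_QUERY = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + QNAME + struct.pack("!HH", 1, 1)
DNS_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QNAME + struct.pack("!HH", 1, 1)
                + b"\xc0\x0c" + struct.pack("!HHIH4s", 1, 1, 60, 4, socket.inet_aton(WEB)))
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"


def write_pcap(path, packets):
    """packets: list of (timestamp_seconds, raw_frame). Classic .pcap, not .pcapng."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for ts, frame in packets:
            sec = int(ts)
            usec = int(round((ts - sec) * 1_000_000))
            f.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)


def read_pcap(path):
    """Parse the global header, then walk the (record header, frame) pairs."""
    with open(path, "rb") as f:
        data = f.read()
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet .pcap")
    records, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        records.append((sec + usec / 1e6, data[off:off + incl]))
        off += incl
    return records


def dissect(frame):
    """One Packet List row: source, destination, protocol (and DNS QR bit)."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return {"protocol": "non-ip"}
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    row = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]), "protocol": "ip"}
    l4 = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", l4[:4])
    if proto == 17:
        row["protocol"] = "udp"
        if 53 in (sport, dport):
            row["protocol"] = "dns"
            row["dns_response"] = bool(struct.unpack("!H", l4[10:12])[0] & 0x8000)  # QR bit
    elif proto == 6:
        row["protocol"] = "tcp"
        payload = l4[(l4[12] >> 4) * 4:]
        if 80 in (sport, dport) and payload[:4] in (b"GET ", b"POST", b"HTTP"):
            row["protocol"] = "http"
    return row


# Each filter matches every packet carrying that layer, as in Wireshark
FILTERS = {"ip": {"ip", "udp", "dns", "tcp", "http"}, "udp": {"udp", "dns"},
           "tcp": {"tcp", "http"}, "dns": {"dns"}, "http": {"http"}}


def apply_filter(records, expr):
    return [(ts, f) for ts, f in records if dissect(f)["protocol"] in FILTERS[expr]]


def diagnose(records):
    """The 'website not loading' walk-through from the notes, run over a capture."""
    dns_rows = [dissect(f) for _, f in apply_filter(records, "dns")]
    if not dns_rows:
        return "no DNS traffic seen"
    if not any(r["dns_response"] for r in dns_rows):
        return "DNS issue"
    if not apply_filter(records, "http"):
        return "Web server issue"
    return "DNS and HTTP both present"


def scenario(with_response=True, with_http=True):
    frames = [(1.000, build_packet(CLIENT, RESOLVER, 17, 40000, 53, DNS_QUERY))]
    if with_response:
        frames.append((1.020, build_packet(RESOLVER, CLIENT, 17, 53, 40000, DNS_RESPONSE)))
    if with_http:
        frames.append((1.050, build_packet(CLIENT, WEB, 6, 40001, 80, HTTP_GET)))
    return frames


def save_and_diagnose(with_response=True, with_http=True):
    """Save the scenario as dns_issue.pcap, reopen it, return (filter counts, verdict)."""
    path = os.path.join(tempfile.mkdtemp(), "dns_issue.pcap")
    write_pcap(path, scenario(with_response, with_http))
    records = read_pcap(path)
    counts = {f: len(apply_filter(records, f)) for f in FILTERS}
    return counts, diagnose(records)


if __name__ == "__main__":
    for args in ((False, False), (True, False), (True, True)):
        counts, verdict = save_and_diagnose(*args)
        print(counts, "->", verdict)
```

The file written by `write_pcap` opens in Wireshark like any other .pcap, so the same three scenarios can be checked by hand with the dns and http filters; note that a .pcapng file has a different (block-based) layout and would not be parsed by `read_pcap`.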
Cisco Packet Tracer vs Wireshark
- Packet Tracer: Simulation mode (learning)
- Wireshark: Real packet capture (analysis)
Packet Tracer = Learning
Wireshark = Real-world troubleshooting
Important Security Note
- Wireshark can show HTTP passwords, because HTTP sends credentials in cleartext
- HTTPS encrypts the payload, so its contents are not readable in a capture
- Always capture traffic legally and ethically
Packet capture requires permission
Packet Capture: Exam-Ready Summary
| Concept | Key Point |
|---|---|
| Packet capture | Inspect network traffic |
| Wireshark | Packet analyzer |
| Filter | Shows only matching packets |
| .pcap file | Saved packet capture |
| Use case | Troubleshooting |