Open source and powerful network sniffing and analysis tool: Wireshark

Wireshark is a powerful open source network protocol analysis tool designed to help users understand the details of network communications. By capturing, parsing and displaying network packets, Wireshark helps engineers diagnose problems, optimize performance, and solve a wide range of network issues. Whether for in-depth analysis or quick debugging, Wireshark is an indispensable tool.

Install and start

You can download the tool from Wireshark's official website. Wireshark supports multiple operating systems, including but not limited to Windows, macOS, and Linux. It is a free and open source tool that can be downloaded and used freely.

Packet Capture Process
Packet capture is one of Wireshark's core functions: it records the packets crossing a network interface so that you can analyze them. The following is a concise packet capture process:

  1. Open the Wireshark application.

  2. In the interface list on the main interface of Wireshark, select the network interface you want to monitor. This is generally the interface associated with your network connection.

  3. Click the "Start Capture" button and Wireshark starts recording packets passing through the selected interface.

  4. During the capture process, Wireshark displays the captured packets in real time. You can see the source address, destination address, protocol type and other information.

  5. When you want to stop capturing, click the "Stop Capturing" button.

How to use Wireshark to capture packets on iPhone

Next, let’s learn more about how to use Wireshark to capture packets on iPhone.

  1. Make sure your computer and iPhone are connected to the same Wi-Fi network.

  2. Open Wireshark and select the option that matches your network interface, just like capturing packets on your computer.

  3. Enter "ip.addr == <your iPhone's IP address>" in Wireshark's display filter bar. This shows only the packets sent to or from your iPhone.

  4. On your iPhone, open Settings and select Wi-Fi. Click on the Wi-Fi network you are currently connected to and scroll to the bottom to find the HTTP proxy option. Select "Manual" and enter your computer's IP address and the listening port shown in Wireshark (default is 8888).

  5. Back in Wireshark, you should start seeing packets sent and received from your iPhone, including HTTP and HTTPS traffic.

Note that to see the content of HTTPS communications you need additional configuration, such as providing Wireshark with the SSL/TLS keys. This allows Wireshark to decrypt the HTTPS traffic for analysis.
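To show what the `ip.addr == <address>` display filter from step 3 actually does, here is an added example (not code from the original article or from the Wireshark project) that builds a small constructed pcap in memory, reads it back the way a capture file saved by Wireshark in classic pcap format would be read, and applies the same "either source or destination" match. It also demonstrates the classic pitfall that `ip.addr != host` is not the opposite of `ip.addr == host`; all addresses and frames are constructed sample values.

```python
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1

def build_frame(src_ip, dst_ip, proto=6, payload=b""):
    """Constructed Ethernet + IPv4 frame (no IP options, checksum left as zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"          # EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                     proto, 0, ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + payload

def build_pcap(frames):
    """Serialise raw frames into an in-memory pcap file (24-byte global header)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, frame in enumerate(frames):          # 16-byte record header per frame
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

def read_pcap(data):
    """Yield the raw frames of a classic pcap byte string; rejects pcapng/other magic."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def ipv4_addrs(frame):
    """(src, dst) strings for an IPv4-over-Ethernet frame, None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    src, dst = struct.unpack("!4s4s", frame[26:34])
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))

def ip_addr_eq(frames, host):
    """Wireshark's `ip.addr == host`: the host is the source OR the destination."""
    return [f for f in frames if (a := ipv4_addrs(f)) and host in a]

def ip_addr_ne(frames, host):
    """Wireshark's `ip.addr != host`: SOME address field differs from host, so this
    still matches every packet the host exchanges with others; the true negation
    of ip_addr_eq is `!(ip.addr == host)`."""
    return [f for f in frames if (a := ipv4_addrs(f)) and any(x != host for x in a)]
```

Wireshark saves in pcapng by default, so choose the classic pcap format in the save dialog if you want `read_pcap` to accept the file.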

The difference between Wireshark and Charles packet capture tools

We introduced the Charles packet capture tool in the previous article. Let us compare the differences between the Wireshark and Charles packet capture tools:

| Comparison item | Wireshark | Charles |
| --- | --- | --- |
| Supported platforms | Cross-platform (Windows, macOS, Linux, etc.) | macOS, Windows |
| Protocol support | Extensive protocol support; can parse many packet types | Mainly HTTP/HTTPS, with WebSocket and HTTP/2 as secondary |
| Functional complexity | Powerful and complex; suited to in-depth analysis of network communications | Relatively simple; more focused on web development and debugging |
| Ease of use | Steep learning curve; requires some networking knowledge | Relatively easy to get started; suited to quick debugging and analysis |

In summary, Wireshark, as a powerful network protocol analysis tool, reveals the internal mechanism of network communication for us. By mastering the basic usage of Wireshark, you will be able to explore the network world more freely, optimize performance, and solve problems. I hope this article is helpful to you. If you have any questions or suggestions, please share them with me in the comment area. You can also follow this column to learn more about iOS reverse engineering.


Origin blog.csdn.net/zh405123507/article/details/132593832