Verify Wireshark Installation


Introduction

In this challenge, "Verify Wireshark Installation," you'll confirm that Wireshark is correctly installed and functioning on your system. The goal is to start Wireshark from the terminal, select the interface that carries local traffic, and apply a display filter so that only HTTP traffic is shown.

You'll use the wireshark command to launch the application, then generate HTTP traffic against a local web service that is already available inside the VM. Finally, you'll verify that the local HTTP traffic is successfully captured and displayed in Wireshark, confirming the installation and basic functionality without depending on external internet access.

Verify Wireshark Installation

This challenge verifies that Wireshark is installed and can capture traffic on the system.

Tasks

  • Start Wireshark from the terminal.
  • Select the appropriate network interface to capture local traffic.
  • Apply a display filter to show only HTTP traffic (port 80).
  • Verify that HTTP traffic is being captured.

Requirements

  1. Start Wireshark from the terminal using the command wireshark.
  2. Select the correct network interface in Wireshark to capture local traffic. Because the HTTP request stays inside the VM, this is usually the loopback interface such as lo.
  3. Apply a display filter in Wireshark to show only HTTP traffic using the filter http.
  4. Generate some HTTP traffic by using curl http://127.0.0.1 in another terminal.
  5. Verify that the HTTP traffic from 127.0.0.1 is captured in Wireshark.

Examples

After applying the filter and generating local HTTP traffic, you should see packets with the protocol "HTTP" in the Wireshark packet list. The "Source" and "Destination" columns should typically show 127.0.0.1 because the request stays inside the VM.
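
A headless version of the same check, as an added example that is not part of the original challenge: it uses tshark, Wireshark's command-line tool, instead of the GUI. The function names and the sample rows are assumptions made for illustration; a live run (`--live`) assumes tshark and curl are installed and that your user is allowed to capture on the loopback interface.

```sh
#!/bin/sh
# Added example (not from the challenge): function names are hypothetical.

# Pick the loopback interface from `tshark -D` output on stdin,
# e.g. "3. lo (Loopback)" -> "lo".
pick_loopback() {
    awk '$2 == "lo" || /\(Loopback\)/ { print $2; exit }'
}

# Read tab-separated rows (ip.src, ip.dst, http.request.method,
# http.response.code) on stdin. Succeed only if both an HTTP request and
# an HTTP response were seen going from 127.0.0.1 to 127.0.0.1.
verify_http_rows() {
    awk -F '\t' '
        $1 == "127.0.0.1" && $2 == "127.0.0.1" {
            if ($3 != "") req++
            if ($4 != "") resp++
        }
        END { exit !(req > 0 && resp > 0) }'
}

# Live run: capture on loopback for 5 seconds while curl generates traffic.
live_check() {
    iface=$(tshark -D 2>/dev/null | pick_loopback)
    [ -n "$iface" ] || { echo "no loopback interface found" >&2; return 2; }
    out=$(mktemp)
    tshark -i "$iface" -a duration:5 -Y http -T fields \
        -e ip.src -e ip.dst -e http.request.method -e http.response.code \
        >"$out" 2>/dev/null &
    cap=$!
    sleep 2                      # let the capture start before the request
    curl -s -o /dev/null http://127.0.0.1
    wait "$cap"
    verify_http_rows <"$out"; rc=$?
    rm -f "$out"
    return "$rc"
}

# Constructed sample rows, shaped like the tshark field output above.
SAMPLE_ROWS=$(printf '127.0.0.1\t127.0.0.1\tGET\t\n127.0.0.1\t127.0.0.1\t\t200\n')

if [ "${1:-}" = "--live" ]; then
    if live_check; then echo "local HTTP captured"; else echo "no local HTTP seen"; fi
fi
```

Requiring both a request and a response row catches the case where the capture started too late and only part of the exchange was recorded.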

[Image: Capture HTTP traffic]

Hints

  • If you don't see any traffic, make sure you have selected the loopback interface, usually lo.
  • Double-check the display filter to ensure it is correctly entered as http.
  • Ensure that you are generating HTTP traffic after starting the capture and applying the filter.
  • Confirm that curl http://127.0.0.1 returns a directory listing or HTML content in the terminal.
  • If you are still having trouble, try capturing all traffic first (without a filter) to confirm that Wireshark is working correctly, then add the filter.

Summary

In this challenge, the goal is to verify a working Wireshark installation. This involves launching Wireshark from the terminal, selecting the loopback interface for local traffic capture, and applying a display filter to isolate HTTP traffic.

The key learning points include confirming Wireshark's functionality by capturing and filtering network packets. Specifically, the challenge requires using the http display filter, generating HTTP traffic with curl http://127.0.0.1, and verifying that the captured traffic in Wireshark displays the HTTP protocol and local source/destination IP addresses. Successful completion confirms that Wireshark is correctly installed and configured for basic packet capture and analysis.