Learn packet analysis with challenging Wireshark labs (+25 advanced PCAP case-studies) !
Officially Endorsed
Wireshark Foundation
Affiliate spotlightSponsored
The Wireshark Certified Analyst (WCA) Complete Course
Official Wireshark Certified Analyst - The Complete Course
Backed by the Wireshark Foundation, this immersive program shows you exactly how to troubleshoot, analyze, and secure packet flows with confidence.
- Hands-on Wireshark labs that mirror real packet captures.
- Master Ethernet, ARP, IPv4/6, TCP, ICMP, and more.
- Follow a guided progression that keeps you focused and confident.
PacketSafari partners with top training providers—purchases through this link help us keep building free labs and articles.
Decoding Ethernet-in-L2TPv3
If you're dealing with L2TPv3 encapsulation over UDP (often on port 1701), and inside it are raw Ethernet frames, your tools might struggle to decode them properly out of the box.
OR
Disabling AI Assistance for PCAPs
Sometimes, the best way to learn is without help. That’s the thinking behind our latest feature in PacketSafari Pro, designed specifically for educators and others who want full control over how PCAP files are explored.
OR
PCAP Prompt Compression
Network packet captures (PCAPs) can contain enormous amounts of detailed data—ranging from raw bytes and decoded packet details to metadata. In many cases, however, feeding all this information directly into an AI system for analysis is impractical due to strict data size limits. Prompt compression is a strategy designed to address this challenge, ensuring that the essential information is maintained while keeping the data within manageable bounds.
OR
PacketSafari PCAP Sanitization
PacketSafari is proud to announce our most requested feature: in-memory PCAP sanitization. This process involves stripping away sensitive or unnecessary data from PCAP files while retaining only the essential header information.
OR
How to Anonymize a PCAP
PCAP files capture comprehensive network traffic, often including sensitive information such as personal data, credentials, and other confidential details. Anonymizing these files is essential to protect privacy, comply with data regulations, and safely share network captures without exposing critical information.
OR
Capture PCAPs without Wireshark
This guide walks you through every step of capturing network packets on Windows, Linux, and macOS—without installing Wireshark.
OR
Comparing Network Analysis Tools
In the world of cybersecurity and IT diagnostics, choosing the right network analysis software is crucial. With options ranging from the classic Wireshark to command-line favorites like tcpdump, there’s no shortage of tools available. This article compares traditional packet sniffers with modern solutions, including the innovative PacketSafari Analyzer and Copilot, to help you decide which tool fits your needs.
OR
Wiresharkdecryption
How to decrypt TLS traffic in Wireshark
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. TLS uses a combination of public-key and symmetric-key cryptography, making it ideal for securing communications over the Internet. Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
OR
Introducing Packetsafari Copilot
I'm excited to introduce our new tool—Packetsafari Copilot. About a year ago, we launched AI Shark, our first shot at AI analyzing PCAPs. With Copilot, we've taken things to the next level by making packet analysis much more useful and usable.
OR
Find SMBv1 using Wireshark
In a recent Wireshark training, a student had the task of determining which IPs use SMBv1 within a corporate environment. The student showed me this link on Ask Wireshark that has a capture filter for finding SMBv1 packets. This capture filter looks a bit complicated at first. It basically only captures port 139 and 445 and then tries to determine if SMBv1 is used by looking for the magic version number 0xff534d42. As the TCP header might be anywhere from 20 to 60 bytes in size, the capture filter uses arithmetic to determine the header's size (actually the offset) and then searches for the magic value at the correct offset. It then adds 4 bytes to jump over the NetBIOS header to the SMB header:
OR
AI Shark
We are excited to introduce AI Shark, a new AI tool that employs Large Language Models (LLMs) to analyze PCAP files. AI Shark harnesses the power of AI to rapidly identify issues related to performance, connection, packet loss, and more within a PCAP file.
OR
ransomwarecybersecurity
Ransomware Protection: Best Practices in Backup and Defense
Ransomware attacks are a persistent and ever-evolving threat, with devastating consequences for affected organizations. With the ongoing increase in the frequency and sophistication of these attacks, it's now more important than ever to ensure your organization has robust ransomware protection measures in place. In this article, we'll delve deeper into the essential concepts and methods for effective ransomware defense and backup.
OR
nis2directive
NIS2 Directive: All You Need to Know
Are you tired of sifting through endless articles on the NIS2 Directive, trying to figure out what it is and how it impacts your organization? Look no further.
OR
zero-trustsecurity
Zero Trust: Building a More Secure IT Environment
As cyber threats continue to evolve and grow in sophistication, traditional security approaches are no longer enough. Enter the zero trust approach, which is gaining traction as an effective way to protect organizations from cyber attacks.
OR
packetsafarilooking for sponsors
PacketSafari is looking for Sponsors
PacketSafari is an online PCAP analyzer that I've poured my heart and soul into, but unfortunately, it hasn't generated any revenue yet.
OR
wiresharkinsecure
Filtering Insecure Communication in Wireshark: Uncovering Security Risks
In today's digital age, network security has become increasingly important. One of the primary concerns for administrators and security professionals is insecure communication protocols, which can expose sensitive information and create vulnerabilities. In this article, we will discuss some of the most common insecure communication protocols, such as HTTP, FTP, DNS, NTP, and BGP, and how to use Wireshark to filter and analyze them effectively.
OR
gdprcompliance
GDPR Compliance: Everything You Need to Know
If you operate within the European Union (EU) or process personal data of EU citizens, it’s vital that you understand the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018. GDPR compliance is mandatory, and failure to comply can result in significant fines.
OR
PCAP analysisnetwork traffic analysis
PCAP Analysis: Tips and Tricks for Effective Network Traffic Analysis
Packet capture (PCAP) analysis is a crucial aspect of network traffic analysis and network security. By capturing and analyzing packets of data flowing across a network, analysts can gain insights into network performance, diagnose issues, and detect security threats.
OR
nis2directive
NIS2 Directive: Best Practices for Conducting Risk Assessments
If you're tasked with conducting a risk assessment in compliance with the NIS2 Directive, you're not alone. Risk assessments are a critical part of NIS2 compliance, helping organizations identify potential cybersecurity risks and determine the steps needed to mitigate them.
OR
nis2cybersecurity
The Importance of NIS2 in Protecting Against Advanced Malware Attacks
As our world becomes increasingly reliant on technology, the threat of damaging cyber attacks grows larger every day. Advanced malware is one of the most dangerous and costly types of cyber attack, causing billions in damages each year. This is why it's more important than ever to understand how NIS2 can help protect against these threats.
OR
ipv4protocol
Unraveling the IPv4 Protocol: The Significance of IP IDs and the IPv4 Header Explained
The Internet Protocol version 4 (IPv4) is the foundation of internet communications, providing a set of rules for data transmission across networks. With billions of devices connected to the internet, understanding the intricacies of the IPv4 protocol is essential for network professionals and packet analysis experts. In this article, we will explore the importance of the IP Identifier (ID) for correlating packets at multiple capture points and delve into the IPv4 header, which contains critical information for routing and data reassembly.
OR
nis2authentication
The Importance of Multi-Factor Authentication for NIS2 Directive Compliance
As organizations work to comply with the NIS2 Directive, one security measure that should be top of mind is multi-factor authentication. This authentication method provides an additional layer of security beyond traditional username and password credentials, making it significantly more difficult for hackers to gain unauthorized access to your network.
OR
nis2network monitoring
Staying Ahead of the Curve: NIS2 and Proactive Network Monitoring
Picture this: you're running a successful online business, and everything is going smoothly. Suddenly, security breaches start wreaking havoc on your company, and you're left wondering what could have been done to prevent them. Enter the NIS2 directive and its emphasis on regularly monitoring network and information systems for security breaches. In this article, we'll explore the critical role proactive network monitoring plays in NIS2 compliance and delve into real-world case studies to illustrate how you can stay ahead of the curve.
OR
PCAP analysisnetwork traffic analysis
How to Analyze PCAP Files Online: A Beginner's Guide
As data travels over a network, it's important to be able to capture and analyze it to identify potential security threats, diagnose network issues, and optimize performance. This is where PCAP files come in. PCAP (Packet Capture) files are a type of file format that record network traffic, allowing you to analyze the data to gain insights into network behavior and identify any issues or threats.
OR
wiresharkpcap
Online Wireshark Training by the makers of the online PCAP analyzer PacketSafari
Online Wireshark Training by the makers of the online PCAP analyzer PacketSafari is a comprehensive training program designed to teach individuals how to use Wireshark, the world’s most popular network protocol analyzer. This program is created by the developers of PacketSafari, the online PCAP analyzer that provides a web-based interface for viewing and analyzing captured packets. With this program, you can develop your network analysis skills and gain hands-on experience in real-world scenarios.
OR
nis2incident response
NIS2 Directive: The Importance of Incident Response Plans
In the wake of cyber attacks that have impacted major companies around the world, the importance of having a robust incident response plan cannot be overstated. Not only is a strong incident response plan vital for reducing the potential impact of a security breach, but it is also crucial for ensuring compliance with the NIS2 Directive.
OR
rtpvoice
RTP Voice Stream Analysis in Wireshark: Common Problems and Solutions
Real-time Transport Protocol (RTP) is commonly used for transmitting voice and video data over IP networks, making it a crucial component of many VoIP and video conferencing applications. In this article, we will focus on how you can analyze RTP voice streams using Wireshark, identify common problems like packet loss and jitter, and understand the acceptable values for these parameters.
OR
arpnetwork troubleshooting
Investigating Network Issues with ARP: Real-World Case Studies Using PacketSafari and Wireshark
ARP is a critical protocol in network communication, and it can often be the cause of network issues. In this article, we will explore real-world case studies of network issues caused by ARP, and how they can be investigated using packet analysis tools like PacketSafari and Wireshark.
OR
icmpdestination unreachable
Demystifying ICMP Errors: Understanding Destination Unreachable, Fragmentation Needed, and MTU Issues
ICMP (Internet Control Message Protocol) is an essential aspect of networking, as it allows network devices to communicate error messages, control information, and other network-related issues. In this article, we will demystify ICMP errors, focusing on destination unreachable, fragmentation needed, and MTU (Maximum Transmission Unit) problems. I will share my insights and knowledge on these topics, providing real-world case studies and examples to help you better understand ICMP errors.
OR
tcpwireshark
TCP Segment Loss in Wireshark: Expert Tips and Tricks
TCP (Transmission Control Protocol) is a widely-used transport layer protocol that provides reliable, ordered, and error-checked delivery of data between applications. While TCP is designed to handle various network issues, such as congestion and packet loss, it's essential for network administrators and analysts to understand and troubleshoot these issues. One common problem is TCP segment loss. In this article, we'll dive into the causes of TCP segment loss, how to identify it in Wireshark, and share expert tips for troubleshooting.
OR
tryhackmewireshark
Solving TryHackMe Wireshark Filters room with PacketSafari - Part I Protocol Filters
OR
wiresharkwifi
Wi-Fi Traffic Analysis with Wireshark: 5 Case Studies You Need to Know
Wi-Fi traffic analysis is a critical skill for network administrators and security professionals. By analyzing Wi-Fi traffic, you can gain insights into network performance, identify security vulnerabilities, and troubleshoot connectivity issues. Wireshark, a widely-used packet analysis tool, provides powerful features for capturing and analyzing Wi-Fi traffic. In this article, we'll explore five real-world case studies that demonstrate the value of using Wireshark for Wi-Fi traffic analysis.
OR
WiresharkWindows
Windows name poisoning remains a dangerous attack vector
Name-poisoning is a source of constant headaches, even for hardened Windows computers. They afford attackers a wide range of subtle avenues that can be difficult to defeat in practice. Our article about name poisoning sheds some light on this underrated topic.
OR
Wireshark4.0
Wireshark has a new default layout
If you analyze network protocols like IPv4, ICMP, IPv6, ICMPv6, TLS, and GRE, this article is for you.
OR
http1http2
Comparing HTTP/1, HTTP/2, HTTP/3, and QUIC: Key Differences, Commonalities, Pipelining, and Multiplexing
OR
HSRPMHSRP
Layer 2 and 3 Changes in First Hop Redundancy Protocols: Failover and Active-Active Mechanisms
First Hop Redundancy Protocols (FHRPs) are designed to ensure network reliability by managing changes at both Layer 2 (Data Link) and Layer 3 (Network) during failover and active-active situations. In this article, we will delve into how FHRPs handle these changes and the mechanisms behind their operation.
OR
dnsdoh
A short Guide to DNS Protocols: DoH, DoT, DNSSec, and DNSCurve
The Domain Name System (DNS) is a fundamental part of the internet's infrastructure, providing the essential service of translating human-readable domain names into IP addresses that computers can understand. Over time, various protocols and security measures have been developed to enhance DNS functionality and security. In this article, we'll dive into the details of DNS protocols like DNS over HTTPS (DoH), DNS over TLS (DoT), DNSSec, and DNSCurve, comparing their features, usage, and real-world case studies. We'll also explore how to analyze and troubleshoot DNS issues using packet analysis tools like Wireshark and PacketSafari.
OR
HSRPMHSRP
Basics of First Hop Redundancy Protocols: Analysis and Troubleshooting with Wireshark
First Hop Redundancy Protocols (FHRPs) play an essential role in maintaining network availability and resilience. There are several FHRPs, each with its unique characteristics and operational principles. In this article, we will discuss the key FHRPs, their impact on capturing trace files, and how to troubleshoot them using Wireshark.
OR
dnswireshark
Unraveling DNS Mysteries: 3 Real-World Case Studies Analyzing DNS in Wireshark
As a packet analysis expert, I've encountered numerous cases involving DNS (Domain Name System) analysis using Wireshark. In this article, I'll share three real-world case studies that demonstrate how Wireshark can help you uncover the truth behind DNS-related issues. Whether you're a network administrator or a cybersecurity professional, these examples will provide valuable insights and showcase the power of PacketSafari (https://app.packetsafari.com) and our WIRED for Packet Analysis training course (https://oripka.de/en/wired/).
OR
Wiresharkgit
How to merge Wireshark upstream changes into a local fork
When maintaining the fork of Wireshark, it is necessary to synchronize the custom changes with the upstream changes from the main Wireshark repository. We use the following approach to apply a clean patch to a new upstream release.
OR
WordLressVulnerability
GDPR, Google Analytics and leaking hashes
The use of Google Analytics has been found to violate European Union privacy laws in France recently. This succeeds a similar ruling in Austria. The rulings found that Article 44 of GDPR is breached because personal data is transferred outside the EU to third countries that are not considered to have sufficient privacy protections. The U.S., where Google Analytics is hosted, fails the equivalence test on account of having surveillance laws that don't afford non-U.S. citizens basic protection of their personal data.
OR
stpspanning tree protocol
STP Analysis with Wireshark: 3 Real-World Case Studies
The Spanning Tree Protocol (STP) is a critical network protocol that prevents loops in Ethernet networks by creating a loop-free logical topology. As a network administrator or engineer, understanding and analyzing STP is essential for maintaining a healthy and efficient network. In this article, we'll introduce you to three real-world case studies that demonstrate the power of Wireshark, a leading packet analysis tool, in STP analysis.
OR
wiresharkntp
Analyzing NTP Traffic with Wireshark: A Practical Guide for Network Administrators
The Network Time Protocol (NTP) is a critical service for maintaining accurate time synchronization across networks. Accurate time synchronization is essential for various applications, such as authentication, logging, and troubleshooting. In this article, we will discuss how to analyze NTP traffic using Wireshark, a popular packet analyzer, and explore three real-world case studies. Our PacketSafari online analyzer can also be used to analyze NTP traffic with ease.
OR
wiresharkqos
QoS Analysis with Wireshark: 3 Case Studies
Quality of Service (QoS) is crucial for managing and prioritizing network traffic, ensuring that critical applications and services receive the necessary resources. In this article, we'll dive into three case studies using Wireshark to analyze QoS at both Layer 2 (802.1Q) and Layer 3 (ToS/DSCP).
OR
WiresharkTCP
Wireshark TCP Trace Graph Tutorial
Why don't you use graphs instead? They are a powerful tool in a packet analyst's craft. Having a basic understanding of how Wireshark visualizes packet information in a TCP graph, you can take shortcuts in the analysis workflow and avoid spending many hours looking for patterns that are barely visible in the limited perspective of the packet list.
OR
cloudpacket capture
Packet Capture Challenges in the Cloud: Case Studies and Real-World Examples
As more organizations migrate their services and applications to the cloud, understanding and troubleshooting network traffic becomes increasingly crucial. However, packet capture and analysis in the cloud present unique challenges compared to traditional on-premises networks. In this article, we will dive into these challenges, explore real-world examples, and provide expert insights on how to overcome them.
OR
voipsip
VoIP Troubleshooting: Essential SIP and RTP Case Studies for Success
VoIP (Voice over IP) communication has become an integral part of modern telephony, offering greater flexibility and cost savings compared to traditional phone systems. As with any technology, VoIP networks rely on efficient and reliable connections, making troubleshooting an essential skill for network analysts. In this article, we will explore practical case studies using SIP (Session Initiation Protocol) and RTP (Real-time Transport Protocol) to enhance your VoIP troubleshooting expertise.
OR
bluetoothusb
Capturing Bluetooth and USB Traffic with Wireshark: Expert Guide on Installing and Using NPCAP Driver
OR
smbsmbv1
SMBv1 vs SMBv2 vs SMBv3: Understanding the Differences and Securing Your Network
⚠️ Also checkout our article on how to identify legacy SMBv1 traffic using advanced filters ⚠️
OR
packet capturingmobile devices
Packet Capturing on Mobile Devices: A Comprehensive Guide for iPhones and Androids
Packet capturing is an invaluable skill for network analysis and troubleshooting. With the increasing use of mobile devices, it has become more critical than ever to understand how to capture packets on iPhones and Androids. This comprehensive guide will walk you through the mechanisms available for packet capturing on mobile devices, and demonstrate how to analyze these captures using Wireshark.
OR
multicastvideo
Mastering the Art of Multicast Video Traffic Analysis: 3 Real-World Troubleshooting Case Studies
Multicast video traffic analysis is essential for ensuring the quality of video streaming services. With the ever-growing demand for high-quality video content, understanding how to analyze and troubleshoot multicast traffic is vital for network engineers and administrators. In this article, we will explore three real-world case studies that demonstrate how to use Wireshark and other packet analysis tools to identify and resolve common multicast video traffic issues.
OR
kerberostroubleshooting
Advanced Troubleshooting of Kerberos Problems with Wireshark: 5 Real-World Case Studies
Kerberos is a critical authentication protocol in many enterprise environments, ensuring secure communication between clients and servers. However, when problems arise, it can be challenging to identify the exact issue. In this article, we'll explore five real-world case studies of advanced troubleshooting of Kerberos problems with Wireshark, the popular network protocol analyzer.
OR
layer 2network loops
Unraveling Layer 2 Problems: Expert Tips for Troubleshooting Network Issues
Layer 2 problems are common in network environments and can cause significant performance issues or even complete network outages. Troubleshooting these problems can be challenging, especially in complex environments like hospitals where equipment is frequently sanitized and older devices require specific port configurations. In this article, we'll discuss the most frequent Layer 2 issues and provide expert tips for solving them using Wireshark, the world's foremost network protocol analyzer.
OR
link-aggregationlag
Link Aggregation: LAG, LACP, Etherchannel, MLAG, VSS, Stacking and FHRP
Link aggregation is a powerful technique that can significantly improve your network's performance, redundancy, and resilience. This article will provide a high-level overview of various link aggregation technologies, including LAG, LACP, Etherchannel, MLAG, Stacking, and First Hop Redundancy Protocols (FHRP) like HSRP.
OR