Demystifying Network Traffic Monitoring with Wireshark

By

A practical guide to protocols, devices, routing, and real-world diagnostics

Introduction to Wireshark

Wireshark is a powerful open-source tool used to capture and analyze network traffic. It helps identify performance bottlenecks, troubleshoot connectivity issues, and monitor real-time communication between devices.

πŸ”— Sample traffic captures: Wireshark Sample Captures

Common Packet Types

UDP – User Datagram Protocol

  • Connectionless protocol (no handshake)
  • Packets are broadcast with only destination IP
  • No delivery confirmation or error handling
  • Lightweight but unreliable

TCP – Transmission Control Protocol

  • Connection-based: uses handshake to establish a connection
  • Acknowledgment system ensures packet delivery
  • Retransmits lost packets automatically
  • Reliable but slightly slower than UDP

What Is a MAC Address?

  • A MAC (Media Access Control) address is a globally unique identifier for every network device
  • Assigned by manufacturers using blocks provided by IEEE
  • ARP (Address Resolution Protocol) converts an IP address to a MAC address within local networks
  • Unlike IP addresses, MAC addresses don’t change over time or across networks

DHCP – Dynamic Host Configuration Protocol

  • Automatically assigns IP addresses to devices on a network
  • Commonly built into routers
  • Maps dynamic IPs to device MAC addresses
  • Helps avoid IP conflicts within the same LAN

Network Gateway

  • A gateway connects your internal network to external networks (like the internet)
  • All outgoing and incoming packets pass through this gateway
  • Shown as Default Gateway when running ipconfig on Windows

DNS – Domain Name System

  • Translates domain names (e.g., www.google.com) into IP addresses
  • DNS lookups can cascade through multiple servers if needed
  • Usually handled by your ISP, organization, or router

Virtual Devices & Port Forwarding

  • Virtual devices (e.g., virtual machines or containers) run on a host system
  • They rely on port forwarding to communicate over TCP/IP
  • Host system acts as a proxy for virtual device network communication

Understanding NAT (Network Address Translation)

  • Allows private IP devices (within LAN) to access the public internet
  • Replaces internal IPs with the router’s public IP address
  • When responses return, the router maps the public request back to the internal sender

Real-world scenario:

Your PC (192.168.x.x) requests www.google.com. The router (NAT device) sends the request using its public IP, receives the response, and forwards it back to your PC.

Essential Windows Network Commands

ipconfig /all

Displays detailed network configuration:

  • IPv4 Address
  • MAC Address
  • DNS Server
  • DHCP Server
  • Gateway IP

Sample Output:
IPv4 Address. . . . . . . : 192.168.1.100
Default Gateway . . . . .: 192.168.1.1
DHCP Server . . . . . . .: 192.168.1.1
DNS Server . . . . . . .: 192.168.1.1

Tracing Routes with tracert

Use tracert command to trace all network hops between your device and a remote server

Command> tracert www.google.com

Sample Output:
1 1 ms 1 ms 192.168.1.1 (Your local router)
2 * * Request timed out
3 130 ms 115 ms 10.206.160.145

15 89 ms 95 ms www.google.com [216.58.199.164]
Each line shows a network hop (router) involved in reaching your destination.
Useful for identifying bottlenecks or unreachable segments.

Final Thoughts

Network monitoring doesn’t have to be a black box. With tools like Wireshark, and knowledge of TCP/IP, NAT, DNS, DHCP, and tracert, you’re empowered to understand, diagnose, and improve your own network or enterprise systems.

Leave a Comment

Your email address will not be published. Required fields are marked *