Labs · 2026-04-12

My First Wireshark Capture

A short lab note on capturing traffic, filtering DNS, and learning to read packets without rushing.

Setup

I opened Wireshark, selected my active network interface, and captured traffic while visiting a few safe websites.

At first, the capture window looked overwhelming because there were many packets moving at once. The important lesson was that I do not need to understand every packet immediately. A better approach is to start with one question, such as “What DNS query did my computer send?” or “Which server did my browser connect to?”

Filters used

dns, http, and tcp helped reduce noise and focus on one protocol at a time.

Display filters do not delete packets. They only hide packets that do not match the filter. This is useful because I can capture once, then study different protocols from the same capture file. For example, dns lets me focus on name resolution, while tcp helps me see connection behavior.

What I looked for

  • The source IP address, which is usually my device.
  • The destination IP address, which is the server or DNS resolver.
  • The protocol column, which tells me what type of traffic I am seeing.
  • The info column, which gives a short summary of what happened.

Beginner practice steps

  1. Start a capture on the correct network interface.
  2. Open a browser and visit a safe website.
  3. Stop the capture after a few seconds so the file stays small.
  4. Apply the dns filter and identify the query and response.
  5. Write down what IP address was returned for the domain.
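What steps 4 and 5 look like underneath the dns filter: the following is an added example, not part of the original lab note, that decodes a DNS query and its response by hand and pulls out the returned IPv4 address. The message bytes, the transaction ID, and the address 192.0.2.10 are constructed sample data, not taken from a real capture.

```python
import struct

def read_name(msg, off):
    """Decode a DNS name starting at off; return (name, offset after the name)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:             # compression pointer (RFC 1035, 4.1.4)
            if end is None:
                end = off + 2                 # parsing resumes after the 2-byte pointer
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            hops += 1
            if hops > 16:                     # malformed packets can point in a loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:                       # zero-length label ends the name
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_dns(msg):
    """Return (is_response, query_name, [IPv4 addresses from A records])."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off, qname = 12, ""                       # the DNS header is always 12 bytes
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                              # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:         # type 1 = A record (IPv4 address)
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return bool(flags & 0x8000), qname, addrs # top flag bit (QR) marks a response

# Constructed sample messages: an A query for example.com and its response.
QUESTION = b"\x07example\x03com\x00" + b"\x00\x01\x00\x01"
QUERY = bytes.fromhex("1a2b01000001000000000000") + QUESTION
RESPONSE = (bytes.fromhex("1a2b81800001000100000000") + QUESTION
            + bytes.fromhex("c00c000100010000012c0004") + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    print(parse_dns(QUERY))
    print(parse_dns(RESPONSE))
```

The query and response share the same transaction ID, which is how a response is matched to the query that caused it.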

What I learned

Packet analysis is easier when I ask one clear question first, such as “What DNS query was made?” instead of trying to understand every packet at once.

I also learned that Wireshark is not only for advanced security work. It is also a networking learning tool. It shows how DNS, TCP, HTTP, ARP, and other protocols actually appear on the network.