I’m often asking people to provide wireshark logs or check issues in wireshark, a lot of people also have no idea how to do this. I hope this helps.
Firstly download and install Wireshark, it will also install WinPCap, this is fine.
Click the second icon from the left to open the capture dialogue box.
Depending on the problem you are trying to diagnose it is sensible to tick the option to capture on all interfaces and un-tick promiscuous mode.
You can, and should, also fill in a capture filter.
host ip.or.server.name.here – to capture information sent to just a single host, useful if you want to diagnose problems with transfer speeds to a website or server.
port 80 – or another port number if you want to capture all the web requests, smtp requests or similar traffic to and from your computer.
host server.ip.or.name and not port 3389 – if you want to get all traffic except your remote control traffic.
port 80 or port 443 – if you want to capture information on two or more sets of ports.
Click on start. Wait for your problem to happen or go to the website or access the service with the issue.
Once done, click the stop button. You could now also save the capture to a file so you can send it to a colleague or support department.
If you want to look at the information in a request such as a web request or SMTP transaction .. right click on the first request in the list and select Follow TCP Stream.
Tips on understanding what is going on include watching an app hang and looking at wireshark for related DNS requests or SYN pacekts that are not being responded to. Remember that you can always save the packet capture and send it to a friend, colleague or support department.