Find the IP sending a SYN packet to port 80:
protocol==TCP flags==SYN destport==80
1. Introduction
Welcome to the Packet Capture Simulation Platform, a safe, interactive tool to learn network packet capture and analysis. Practice with TCP, UDP, DNS, HTTP, ICMP, and more, without needing a live network.
Learning Outcomes:
- Understand network traffic flow between devices.
- Recognize common network protocols.
- Apply filters to focus on specific traffic.
- Analyze suspicious or abnormal packet patterns.
- Gain hands-on experience similar to using Wireshark.
2. Navigation Overview
The platform is divided into sections accessible via the sidebar:
| Section | Description |
|---|---|
| Welcome | Introduction and learning goals |
| What is Wireshark? | Overview of Wireshark and features |
| How It Works | Explanation of capture, decoding, display, filtering |
| Simulation Examples | Guided exercises for TCP, DNS, and filtering |
| Learn More | Official documentation links |
| Terminology | Glossary of key terms |
| Scenarios & Workspace | Interactive lab environment |
| Filter Queries | Examples of packet filters |
| Query Exercises | Step-by-step packet analysis exercises |
| Charts | Visual analytics of captured packet data |
3. Using the Simulation
3.1 Capture Workspace
Simulate network traffic and interact with captured packets. Controls:
- Filter input: Filter packets by protocol or IP.
- Start Capture: Begin capturing packets.
- Stop Capture: Pause capture.
- Clear Packets: Remove captured packets.
- Scenario Buttons: Simulate TCP handshake, DNS query, ICMP ping, HTTP transactions.
3.2 Scenarios
| Scenario | Purpose |
|---|---|
| TCP Handshake | Demonstrates 3-way handshake (SYN → SYN/ACK → ACK) |
| DNS Query | Client queries DNS server |
| ICMP Ping | ICMP echo request and reply |
| HTTP Transaction | Simulates HTTP GET and POST requests |
3.3 Packet Table
Columns:
- Time: Capture timestamp
- Source / Destination: IP addresses
- Protocol: TCP, UDP, DNS, HTTP, ICMP
- Length: Packet size in bytes
- Info: Packet summary
Click a packet for details pane and raw bytes.
3.4 Filtering Packets
Filter examples:
| Type | Example | Description |
|---|---|---|
| Basic | tcp | Show only TCP packets |
| IP Specific | ip.addr == 192.168.1.2 | Packets from/to IP |
| Field Equality | protocol==udp | UDP packets only |
| Negation | source!=192.168.1.2 | Exclude source IP |
| Multiple Values | protocol==tcp,udp | TCP or UDP packets |
| AND Conditions | protocol==tcp source==192.168.1.2 | TCP from specific source |
| OR Conditions | protocol==tcp|udp | TCP or UDP packets |
| Flags | flags==syn | Packets with SYN flag |
| Complex | (protocol==tcp|udp flags==syn|ack) source==192.168.1.2 length>60 | Multi-condition filter |
3.5 Query Exercises
3.6 Terminology Glossary
- Frame: Link-layer representation of network data
- Encapsulation: Wrapping data in protocol headers
- Payload: Actual content inside the packet
- Handshake: Initial negotiation between devices
- Retransmission: Resending lost packets
- Duplicate ACK: Repeated ACK indicating packet loss
- Checksum: Ensures packet integrity
- MTU: Maximum Transmission Unit
- Promiscuous Mode: NIC captures all traffic
- SPAN/Port Mirroring: Switch copies traffic to monitoring port
- Follow TCP Stream: Reconstructs TCP conversation
- Coloring Rules: Highlight specific packets
- Expert Info: Warnings/anomalies highlighted
- RTT: Round-trip time for a packet
- Malformed Packet: Protocol violation
- Decryption: Inspect encrypted payloads with keys
4. Best Practices
- Start with simple filters and gradually increase complexity.
- Observe TCP handshakes and DNS query patterns.
- Identify unusual traffic (unexpected IPs, strange flags, large packets).
- Use glossary for unfamiliar terms.
- Combine multiple filters for detailed analysis.
5. Learning Path Recommendations
- Explore Welcome, What is Wireshark?, How It Works.
- Try Simulation Examples.
- Practice Filter Queries.
- Complete Query Exercises.
- Analyze trends using Charts.
- Refer to Terminology Glossary for key concepts.