Showing results for 
Search instead for 
Did you mean: 
Join Customer Connection to register!
Community Manager

Ask Me Anything- Basic Wireshark for Networking Students

This topic is a chance to clarify your questions about how to use Wireshark, particularly for those who study networking. The session provides key information and best practices for students and instructors who want to enhance their theoretical classes and studies with packet capture analysis. During the event, you can clarify your questions about how to use Wireshark, including related topics such as TCP, UDP, ICMPv4, ICMPv6, and OSPF.

To participate in this event, please use the Join the Discussion : Cisco Ask the Expertbutton below to ask your questions

Ask questions from Tuesday 14 to Friday, April 24, 2020

Featured Expert
dr-moises.pngDr. Moisés André Nisenbaum is a full-time professor at the Federal Institute of Rio de Janeiro (IFRJ) since 1986. He has experience in the Information Science area, and he specializes in Information and Communication metrics. In the area of education, he works with different Information and Communication technologies, with a focus on networks, help desk, Physics Teaching and Youth, and adult education. Moisés holds a Bachelor’s degree in physics from the state University of Rio de Janeiro and a Master’s degree in Physical Science form the Brazilian Center of Physical Research. He holds a PhD in Information Science from IBICT / UFRJ.

Dr. Moisés  might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Networking category.

Do you know you  can get answers before opening a TAC case by visiting the Cisco Community.  

SlidesFAQ event video

**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions

I was really looking forward to this but i couldn't understand the guy. No disrespect intended. Cisco, please stop having non-native English speakers present English content. As a native English speaker i wouldn't dream of teaching something in another language

Hi James

Thank you so much for your feedback, we apologize for the issues and bad experiences this event has provided you.

We’re looking to provide the best experience to our members and event attendees, your comments help us improve.


Community Manager

Hi Dr. Moises Andre Nisenbaum, thank you so much for sharing your knowledge in a Cisco Community Live event

Please help us to cover some of the pending questions from the live session:


  • Sometimes, I’m having captures from source and a destination is requested. Could you please tell me, how it will help to analyze?


You can use this display filter to show packet with specific ip source and destination:

ip.src== and ip.dst ==

Community Manager

  • Can you explain more about the tap hardware and how the general setup will be?


Tap makes possible for you to have a copy of the traffic between A and B in a third device C.

The simpler TAP is a hub. If you insert a Hub between A and B you will be able see traffic in C connected in another hub port.

Of course, there are more sophisticated TAPs  you can buy from 100 to several thousands of dollars.

Take a look at for more information.




Community Manager

  • It seems like stream index filer cannot be applied in certain cases; can you please explain in what conditions it is not selectable?
  • If there is a packet loss during transmission, how do we figure out that?

Both streams and packet loss have to do with TCP protocol.

A Wireshark stream is nothing more that a socket filter. It identify traffic with specific source and destination IP:PORT that can be understand as a TCP conversation. So, to filter by stream, you must be looking for TCP communication. It does not work with UDP, for example.

Packet loss can be identified, for example, when retransmission occurs, that is marked as black packet in packet pane.

That's why Wireshark is so important to learn and teach TCP.



Community Manager

• Does Wireshark have any programmability aspects to it? That is, can we interact with this same information using Python or another programming language?

The command line version of Wireshark - Tshark - can be called by programming languages like Python.

Also, Wireshark is a free and open-source packet analyzer, so, you can go deep and program new stuff like drivers for wireshark




Community Manager

  • Can we have or generate diagrams of the packet flow?
  • May you please explain how can encrypted traffic be analyzed?

There are some graphic tools in Wireshark. Please explore the menu Statistics --> TCP stream graphics.

For decryption of capture data such SSH and TLS, you will have to inform Wireshark the keys. That can be done using the menu Wireshark --> preferences.

Step by step you can find googling "how to decrypt wireshark packets"




Community Manager

• Any tips for Wi-Fi capture on Wireshark?

If you use Linux it is straightforward. Just use Wi-fi driver.

In Windows is very difficult.

For step by step, take a look at:

Content for Community-Ad