Wireshark

Wireshark is an open-source packet analyzer, and it is used to examine the network traffic going across an interface.

It has myriad possible uses in the networking world, but I have mostly used it for troubleshooting network problems and learning about how packets really look on the wire. Since Wireshark is an industry-standard tool, it is necessary to be comfortable using it so that you can intelligently work with your peers.

In my job I am frequently tasked with correcting a BGP connection which is not being properly established, and then working with a partner ISP to resolve the issue. Using tcpdump (the CLI version of Wireshark) I filter the packets that have a source or destination port of 179 (the listening port for BGP when it is in passive mode) and a source or destination IP address of the BGP neighbor. I can then watch the exchange of BGP packets between the two machines and determine whether a TCP connection can be set up, and then track the exchange of packets to watch where in the connection the problem occurs, look at the contents of the opening message to check for configuration errors, etc.

I can then send the pcap file to the partner ISP as proof that the problem is on their side, and I can give advice on what they need to fix. Wireshark allows you to see what is happening at a low level, and then save the relevant data as a .pcap file so that you can confidently establish to any other involved parties what is going wrong and what steps should be taken to fix it. It is also possible to inspect a pcap that someone else sends you, so even if you cannot capture the traffic yourself, you can ask the user to do so, and then you can inspect it for problems.

I have also found that examining Wireshark output is an excellent way to improve your understanding of different protocols by watching them happen and looking at the contents of the packets.

I have used Wireshark to examine TCP, BGP, DHCP, DNS, ARP and other protocols to see how things work and to reinforce things I have learned in books, and expand on the book knowledge to see more obscure aspects of these protocols like the flags they use.
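
The BGP troubleshooting step described earlier, checking the contents of the OPEN message for configuration errors, can also be done programmatically on the TCP payload bytes taken from a capture. The following is an added example, not code from the original post: the function names, AS numbers and addresses are assumptions chosen for illustration, and the sample message is constructed rather than captured.

```python
import ipaddress
import struct

AS_TRANS = 23456  # "My AS" placeholder when the real ASN needs 4 octets (RFC 6793)

def parse_open(msg: bytes) -> dict:
    """Decode one BGP OPEN (RFC 4271, section 4.2) from TCP payload bytes."""
    if len(msg) < 29 or msg[:16] != b"\xff" * 16:
        raise ValueError("bad marker or too short for an OPEN")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != 1 or length != len(msg):
        raise ValueError("not a single complete OPEN message")
    version, asn, hold, ident, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    params, i = msg[29:29 + opt_len], 0
    while i + 2 <= len(params):                    # optional parameter: type, len, value
        ptype, plen = params[i], params[i + 1]
        value, i, j = params[i + 2:i + 2 + plen], i + 2 + plen, 0
        while ptype == 2 and j + 2 <= len(value):  # type 2 carries capabilities
            code, clen = value[j], value[j + 1]
            if code == 65 and clen == 4 and len(value) >= j + 6:  # 4-octet AS capability
                asn = struct.unpack("!I", value[j + 2:j + 6])[0]
            j += 2 + clen
    return {"version": version, "asn": asn, "hold_time": hold,
            "router_id": str(ipaddress.IPv4Address(ident))}

def check_open(o: dict, expected_asn: int, local_id: str) -> list:
    """Compare the peer's OPEN with what the local neighbor config expects."""
    problems = []
    if o["version"] != 4:
        problems.append("unsupported version")
    if o["asn"] != expected_asn:
        problems.append("bad peer AS")
    if o["hold_time"] in (1, 2):                   # RFC 4271: 0 or at least 3 seconds
        problems.append("unacceptable hold time")
    if o["router_id"] in ("0.0.0.0", local_id):    # common implementation check
        problems.append("bad BGP identifier")
    return problems

def build_open(asn: int, hold: int, router_id: str) -> bytes:
    """Construct a sample OPEN so the example runs without a capture."""
    cap = bytes([2, 6, 65, 4]) + struct.pack("!I", asn)
    body = struct.pack("!BHH4sB", 4, asn if asn < 65536 else AS_TRANS, hold,
                       ipaddress.IPv4Address(router_id).packed, len(cap)) + cap
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 1) + body

# Constructed input: peer announces AS 64501 and hold time 2; we configured AS 64500.
SAMPLE = build_open(64501, 2, "192.0.2.2")
print(check_open(parse_open(SAMPLE), expected_asn=64500, local_id="192.0.2.1"))
```

The parser expects exactly one OPEN per buffer, so a TCP segment carrying several BGP messages has to be split on the header length field first.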