# How to use WireShark

WireShark is a helpful tool for capturing network traffic in real time. It helps us identify and diagnose issues more clearly, such as which ports are causing problems, and lets us analyze data packets, including their source, destination, protocol, and content. We have put together an easy tutorial on how to use WireShark. Let's begin!

#### 1. Download & Install WireShark <a href="#download-and-install-wireshark" id="download-and-install-wireshark"></a>

In the majority of cases, you will only need to use this tool when having issues connecting to your server through RDP.

* Go to the [WireShark website](https://www.wireshark.org/download.html) and click "Download" on the top navigation bar.

<figure><img src="https://docs.1of1servers.com/~gitbook/image?url=https%3A%2F%2F1147474650-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FeumEUQOkJ3WJyd55eMi8%252Fuploads%252F7BurPgmU5iiH62uPDFs6%252Fimage.png%3Falt%3Dmedia%26token%3D351c2500-574b-416c-aa16-a2aace7549ff&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=18a106a&#x26;sv=2" alt=""><figcaption></figcaption></figure>

* Locate the "Stable Releases: 4.4.2" list and select [Windows x64 Installer](https://2.na.dl.wireshark.org/win64/Wireshark-4.4.2-x64.exe).

<figure><img src="https://docs.1of1servers.com/~gitbook/image?url=https%3A%2F%2F1147474650-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FeumEUQOkJ3WJyd55eMi8%252Fuploads%252FNUXYFUbnWEk7TZdHaJkH%252Fimage.png%3Falt%3Dmedia%26token%3Dcbcbeb5e-1979-4ba5-a0c5-2c6a85e72cc0&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=8e8051cc&#x26;sv=2" alt=""><figcaption></figcaption></figure>

* Open the .exe file.
* A prompt will appear asking if you would like WireShark to make changes to your device. Click "Yes".
* The installer will open. Click "Next", read through their TOS and select "Noted", then continue to click "Next" until you are presented with "Install". Click it, then wait for the program to install.
* Click "Next", then "Finish".

#### 2. Capturing & Recording Network Traffic <a href="#capturing-and-recording-network-traffic" id="capturing-and-recording-network-traffic"></a>

You have now installed WireShark. How do you use it?

* Open the program.
* A prompt will open asking for admin mode. Always click "Yes".
* You will be presented with the following:

<figure><img src="https://docs.1of1servers.com/~gitbook/image?url=https%3A%2F%2F1147474650-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FeumEUQOkJ3WJyd55eMi8%252Fuploads%252FAhSCCHGMqNJk2ip1ki0w%252Fimage.png%3Falt%3Dmedia%26token%3D1da3893c-007d-4abe-884a-f0674cc9595d&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=e9acc770&#x26;sv=2" alt=""><figcaption></figcaption></figure>

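* In the capture filter textbox, write `host [your server IPv4 address]`, replacing the bracketed part with your server's IPv4 address. This limits the recording to traffic between your computer and the server.
* Double-click the network connection you are using (typically Wi-Fi if you are not using an Ethernet cable).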
* A new window will open for the recorder that is capturing the network traffic.

<figure><img src="https://docs.1of1servers.com/~gitbook/image?url=https%3A%2F%2F1147474650-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FeumEUQOkJ3WJyd55eMi8%252Fuploads%252FjhlhlCHF0S5riyQuubDu%252Fimage.png%3Falt%3Dmedia%26token%3D3e520989-f49e-4ed1-ba74-1b7f4e05f8ea&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=595a9a0e&#x26;sv=2" alt=""><figcaption></figcaption></figure>

* With the recorder open, attempt the task that is causing problems.
  * If the problem is connecting to your server, attempt to connect through RDP.
* After you have attempted the task, allow about 5 seconds, and then click the red square "Stop" button in the top left corner.

<figure><img src="https://docs.1of1servers.com/~gitbook/image?url=https%3A%2F%2F1147474650-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FeumEUQOkJ3WJyd55eMi8%252Fuploads%252F4C9l3L9stcxucT3HkRUH%252Fimage.png%3Falt%3Dmedia%26token%3D4a9da6d7-a8a8-49ec-8356-3585d32bd239&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=800060a2&#x26;sv=2" alt=""><figcaption></figcaption></figure>

* Click "File" and "Save as", name the file and click "Save".

<figure><img src="https://docs.1of1servers.com/~gitbook/image?url=https%3A%2F%2F1147474650-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FeumEUQOkJ3WJyd55eMi8%252Fuploads%252F2mm4uWR5TCwEdexJkMxb%252Fimage.png%3Falt%3Dmedia%26token%3D1683546e-9bb9-451d-ab22-c76a05e2aa2f&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=9a89618f&#x26;sv=2" alt=""><figcaption></figcaption></figure>

Send us the saved .pcapng file in your Discord ticket.

You can now open the file and view the network traffic, protocols that were run, and their sources and destinations.

When a protocol fails, the affected packets are highlighted in red. These are the problems we are looking to resolve!
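As a starting point for reading the saved capture yourself, the added example below (not part of the original tutorial) classifies how the TCP handshake to the RDP port ended. It assumes RDP on its default TCP port 3389 and rows exported with `tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags`; the file name, IP addresses, sample rows and function names are constructed for illustration.

```python
# Added example: sample rows are constructed; addresses are documentation ranges.
SYN, RST, ACK = 0x02, 0x04, 0x10      # TCP flag bits in tcp.flags
RDP_PORT = "3389"                     # assumption: RDP on its default TCP port

def classify_rdp_attempt(rows, server_ip):
    """Classify how the TCP handshake to server_ip:3389 ended.

    rows: tab-separated lines of ip.src, ip.dst, tcp.srcport, tcp.dstport, tcp.flags
    """
    syns = synacks = resets = 0
    for row in rows:
        cols = row.strip().split("\t")
        if len(cols) != 5 or not cols[4]:
            continue                          # skip rows that are not IPv4/TCP
        src, dst, sport, dport, flags_hex = cols
        flags = int(flags_hex, 16)
        if dst == server_ip and dport == RDP_PORT:
            if flags & SYN and not flags & ACK:
                syns += 1                     # first SYN plus retransmissions
        elif src == server_ip and sport == RDP_PORT:
            if flags & RST:
                resets += 1
            elif flags & SYN and flags & ACK:
                synacks += 1
    if syns == 0:
        return "no-attempt"             # capture holds no connection attempt
    if synacks == 0 and resets == 0:
        return "no-reply"               # SYNs unanswered: dropped or host down
    if synacks == 0:
        return "refused"                # RST instead of SYN-ACK: closed or rejected
    if resets:
        return "reset-after-handshake"  # TCP connected, then the server reset it
    return "tcp-ok"                     # handshake fine; look above TCP

CLIENT, SERVER = "192.0.2.10", "203.0.113.10"

def make_row(src, dst, sport, dport, flags):
    return f"{src}\t{dst}\t{sport}\t{dport}\t0x{flags:04x}"

DROPPED = [make_row(CLIENT, SERVER, 50123, 3389, SYN)] * 3
REFUSED = [make_row(CLIENT, SERVER, 50124, 3389, SYN),
           make_row(SERVER, CLIENT, 3389, 50124, RST | ACK)]
RESET = [make_row(CLIENT, SERVER, 50125, 3389, SYN),
         make_row(SERVER, CLIENT, 3389, 50125, SYN | ACK),
         make_row(CLIENT, SERVER, 50125, 3389, ACK),
         make_row(SERVER, CLIENT, 3389, 50125, RST | ACK)]

if __name__ == "__main__":
    for name, rows in (("dropped", DROPPED), ("refused", REFUSED), ("reset", RESET)):
        print(name, "->", classify_rdp_attempt(rows, SERVER))
```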

