`Wireshark <https://www.wireshark.org>`_ (originally named "Ethereal") is a network packet analyzer that captures network packets and displays the packet data in as much detail as possible. It uses WinPcap as its interface to directly capture network traffic going through a network interface controller (NIC).
You could think of a network packet analyzer as a measuring device used to examine what is going on inside a network cable, just like a voltmeter is used by an electrician to examine what is going on inside an electric cable.
In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed.
Wireshark is released under the terms of the GNU General Public License, which means you can use the software and the source code free of charge. It also allows you to modify and customize the source code.
Wireshark will not warn you if there are any suspicious activities on your network. However, if strange things happen, Wireshark might help you figure out what is really going on.
Wireshark does not send packets on the network or influence it in any other way, except for resolving names (converting numerical address values into a human readable format), but even that can be disabled.
In the above script, the parameter ``$1`` represents the NIC and ``$2`` represents the channel. For example, in ``./xxx.sh wlan0 6``, ``wlan0`` specifies the NIC for packet capture, and ``6`` identifies the channel of an AP or Soft-AP.
**b) Run the Shell Script to Open Wireshark and Display Capture Interface**
Click the *Expression* button to bring up the *Filter Expression* dialogue box and set the filter according to your requirements.

.. figure:: ../../_static/ws-filter-expression.png
    :align: center
    :alt: *Filter Expression* Dialogue Box
    :figclass: align-center
    :width: 80%

    *Filter Expression* Dialogue Box

**The quickest way**: enter the filters directly in the toolbar.

.. figure:: ../../_static/ws-filter-toolbar.png
    :align: center
    :alt: Filter Toolbar
    :figclass: align-center

    Filter Toolbar

Click on this area to enter or modify the filters. If you enter a wrong or unfinished filter, the built-in syntax check turns the background red. As soon as the correct expression is entered, the background becomes green.
The previously entered filters are automatically saved. You can access them anytime by opening the drop down list.
For example, as shown in the picture below, enter two MAC addresses as the filters and click *Apply* (the blue arrow). In this case, only the packet data transmitted between these two MAC addresses will be captured.
Example of MAC Addresses applied in the Filter Toolbar
**e) Packet List**
You can click any packet in the packet list and check the detailed information about it in the box below the list. For example, if you click the first packet, its details will appear in that box.

.. figure:: ../../_static/ws-packet-list.png
    :align: center
    :alt: Example of Packet List Details
    :figclass: align-center

    Example of Packet List Details

**f) Stop/Start Packet Capture**
As shown in the picture below, click the red button to stop capturing the current packet.
By default, Wireshark saves the captured packets in a libpcap file. You can also save the file in other formats, e.g., txt, to analyze it in other tools.
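
The two-MAC-address filter described above can also be applied offline to a saved libpcap file. The following is an added example, not part of the original guide: it assumes a classic microsecond-resolution libpcap file whose link type is radiotap (an assumption for monitor-mode Wi-Fi captures), and the MAC addresses and sample capture are constructed in memory.

```python
import struct

LINKTYPE_RADIOTAP = 127  # LINKTYPE_IEEE802_11_RADIOTAP (assumed monitor-mode capture)

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def read_pcap(data):
    """Yield (timestamp, frame) from a classic microsecond libpcap buffer."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic libpcap file")
    if struct.unpack_from(order + "I", data, 20)[0] != LINKTYPE_RADIOTAP:
        raise ValueError("link type is not radiotap")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(order + "IIII", data, off)
        off += 16
        if off + incl > len(data):
            break  # truncated final record, e.g. the capture was cut short
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def wlan_addrs(frame):
    """Address fields of an 802.11 frame that follows a radiotap header."""
    rt_len = struct.unpack_from("<H", frame, 2)[0] if len(frame) >= 4 else len(frame)
    dot11 = frame[rt_len:]
    if len(dot11) < 10:
        return set()
    # Control frames (type 1) carry at most addr1/addr2; others also carry addr3.
    offsets = (4, 10) if (dot11[0] >> 2) & 3 == 1 else (4, 10, 16)
    return {dot11[o:o + 6] for o in offsets if len(dot11) >= o + 6}

def frames_between(data, a, b):
    """Timestamps of frames in which both MAC addresses appear."""
    want = {mac(a), mac(b)}
    return [ts for ts, frame in read_pcap(data) if want <= wlan_addrs(frame)]

# Constructed sample: two data frames and one ACK, built in memory.
STA, AP, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
RT = struct.pack("<BBHI", 0, 0, 8, 0)  # minimal 8-byte radiotap header
def _data(a1, a2, a3):
    return RT + b"\x08\x00\x00\x00" + mac(a1) + mac(a2) + mac(a3) + b"\x00\x00"
_frames = [_data(STA, AP, AP), _data(AP, OTHER, AP), RT + b"\xd4\x00\x00\x00" + mac(STA)]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP) + b"".join(
    struct.pack("<IIII", i + 1, 0, len(f), len(f)) + f for i, f in enumerate(_frames))

if __name__ == "__main__":
    print(frames_between(SAMPLE, STA, AP))
```

To use it on a real capture, pass the bytes of the saved file to ``frames_between`` together with the two MAC addresses of interest.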