How to Identify Attacks Using Wireshark

By Jim Campbell

Updated September 28, 2017

Wireshark software captures network traffic and displays a color-coded chart of that traffic, making it more convenient for system administrators to detect network attacks. Some attacks are more subtle than others are, but you can use Wireshark to identify hacking attempts on your network. Examine the color-coded results – for example, red indicates the need for immediate attention – and then use this tool to further investigate potential threats to your network.

Launch the application software on your desktop and click "Capture" in the main menu. Click "Interfaces" to open a configuration window. Click the "Start" button next to your network card to start the capture service.

Review the network traffic displayed on the screen. Each packet is shown in the results window. You can double-click a packet for further information about that packet. Viewing these details can help you ascertain whether the nature of the request is benign, such as a user viewing a Web page, or malicious, such as a Denial of Service (DoS) attack on your server.

View the packets shown in red, which may indicate DoS attacks or other hacking activities. DoS attacks are problematic because they flood servers from spoofed IP addresses, causing severe performance hits until the server eventually crashes.


Possible attacks display the MAC and IP addresses for the computer that initiated the data packet. Use this information to track down a computer instigating attacks against your network.