Wireshark – commands that I always use
ip.addr ==
I always use this to quickly filter on the IP address I am focusing on, so I can see which transactions are related to it.
ip.dst / ip.src
If I know both the source and destination IP addresses, these are the filters to use. With them I can narrow the capture down to one flow.
tcp.flags.syn == 1 && tcp.flags.ack == 1
As we know, TCP uses a 3-way handshake. This filter shows the SYN/ACK replies (the second step of the handshake), so you can quickly find out which TCP connections have been established.
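As an added example (not from the original post), the following Python reproduces what the “ip.addr ==” and SYN/ACK filters above actually test: it parses IPv4/TCP headers from constructed packet bytes, applies the two filters, and follows SYN -> SYN/ACK -> ACK to list which connections completed the handshake. All addresses, ports and the build_packet helper are constructed for the demo.

```python
import struct
from ipaddress import IPv4Address
SYN, ACK = 0x02, 0x10  # TCP flag bits behind tcp.flags.syn / tcp.flags.ack

def build_packet(src, dst, sport, dport, flags):
    """Constructed IPv4+TCP headers (checksums zero) for this demo; not a real captured frame."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr

def parse(pkt):
    """Extract the fields the display filters above refer to."""
    ihl = (pkt[0] & 0x0F) * 4                          # IPv4 header length in bytes
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = pkt[ihl + 13]                              # TCP flags byte
    return {"ip.src": str(IPv4Address(pkt[12:16])), "ip.dst": str(IPv4Address(pkt[16:20])),
            "tcp.srcport": sport, "tcp.dstport": dport,
            "tcp.flags.syn": int(bool(flags & SYN)), "tcp.flags.ack": int(bool(flags & ACK))}

def ip_addr(f, addr):   # ip.addr == addr (matches either direction)
    return addr in (f["ip.src"], f["ip.dst"])

def syn_ack(f):         # tcp.flags.syn == 1 && tcp.flags.ack == 1
    return f["tcp.flags.syn"] == 1 and f["tcp.flags.ack"] == 1

def established_connections(packets):
    """Follow SYN -> SYN/ACK -> ACK per flow; return completed handshakes as
    (client, client_port, server, server_port). Half-open SYNs are left out."""
    state, done = {}, []
    for pkt in packets:
        f = parse(pkt)
        key = (f["ip.src"], f["tcp.srcport"], f["ip.dst"], f["tcp.dstport"])
        rkey = (key[2], key[3], key[0], key[1])        # same flow, server side
        if f["tcp.flags.syn"] and not f["tcp.flags.ack"]:
            state[key] = "SYN"
        elif syn_ack(f) and state.get(rkey) == "SYN":
            state[rkey] = "SYN-ACK"
        elif f["tcp.flags.ack"] and not f["tcp.flags.syn"] and state.get(key) == "SYN-ACK":
            done.append(key)
            del state[key]
    return done

# Constructed sample traffic: a full handshake to 192.168.1.1:443 plus one unanswered SYN.
CAPTURE = [
    build_packet("192.168.1.10", "192.168.1.1", 50000, 443, SYN),
    build_packet("192.168.1.1", "192.168.1.10", 443, 50000, SYN | ACK),
    build_packet("192.168.1.10", "192.168.1.1", 50000, 443, ACK),
    build_packet("192.168.1.20", "10.0.0.5", 50001, 80, SYN),
]
```

The unanswered SYN from 192.168.1.20 never appears in the established list, which is exactly the case (client cannot reach the server) the filters above help you spot.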
With the “Filter Button” preference you can add a shortcut for your filter, which means you don’t need to type it every single time. It is
tcp.analysis.flags
In Linux,
Normally I need to use tcpdump on Ubiquiti access points. As they run Linux, I use “tcpdump net 192.168.x.x/24”, “tcpdump host x.x.x.x” or “tcpdump -i br0.20” for troubleshooting network issues.
Sometimes the internet is slow, a client can’t get an IP address, or I just want to test connectivity; with tcpdump I can watch the traffic in real time.