Getting Started with Wireshark

Publish Date: Nov 07, 2014 | 2 Ratings | 4.00 out of 5 | Print | Submit your review

Table of Contents

  1. Introduction
  2. Installing and Launching Wireshark
  3. Getting Started with Wireshark
  4. TCP Communication between Host and Target using LabVIEW
  5. Summary

1. Introduction

Wireshark is a very powerful well featured packet analyzer. It captures packets and decodes them into their component parts for analysis. Although Wireshark is available for use on both UNIX and Windows systems, this guide focuses on its uses on machines running Microsoft Windows.


Back to Top

2. Installing and Launching Wireshark

  1. Navigate to and pick a download location.
  2. Select the latest version of Wireshark to install.
  3. Once the download is completed, double-click on the setup file to launch the installation.

    Figure 1: Wireshark Setup Wizard

  4. Once the installation is completed, navigate to Start » All Programs » Wireshark » Wireshark to launch the application.


Back to Top

3. Getting Started with Wireshark

Once installed, Wireshark can be used to capture packets that are being sent and received across the network. It can be used to capture and analyze packets being sent between a host PC and any Real-Time controllers such as Compact Fieldpoint (cFP), Compact Vision System (CVS), CompactRIO (cRIO), Real-Time PXI Controller to name a few. Wireshark will be used in this application to capture packets that are sent when communicating with a cRIO controller. The hardware and software needed for this guide are:


  • Any cRIO controller
  • Cross-over cable


  • LabVIEW Development Software
  • LabVIEW Real-Time module
  • NI RIO driver


Capturing Packets

To view at the different capture settings, click on Capture » Options. All the settable options are grouped in different functions.

Figure 2: Capture Options Box


Select Capture packets in promiscuous mode if you want to capture everything that your machine can see. If you only want to see packets in and out of your machine, leave this option unselected.

Limit each packet to allow you specify, in bytes, how much of each packet to specify. This is useful if you are interested in the header information only, and if you want to keep the file sizes small.


Capture Filters

  • Use File: to save the captured packets in a specified file.
  • Select Use multiple files if using more than one file to save the packets.
  • Use Ring Buffer With to specify the number of files to use for the capture.

In a Ring Buffer configuration, when one file is full, a new one starts. When the specified numbers of files are all full, capture begins to overwrite the files in sequence. This function is useful if you want to capture continuously but do not want to fill your hard disk.

Display Options

  • Select Update list of packets in real-time if you want to see the list of packets as they are captured.
  • Select Automatic Scrolling in live capture if you want the packet list to scroll.
  • Select Hide Capture Info Dialog if you want to view the capture info dialog.


Name Resolution

  • Select Enable MAC name Resolution to allow WIRESHARK to translate MAC addresses into names.
  • Select Enable network name Resolution to allow WIRESHARK to translate network addresses into names.
  • Select Enable transport name resolution to allow Wireshark to translate transport addresses into protocols.


It is worth mentioning that enabling name resolution can slow WIRESHARK down, thus increasing the risk of dropping packets.

To start capturing packets,

  1. Click on Capture on the menu and select Interfaces.
  2. This will lead you to select your interface card. For this application, select your LAN card since you will be connected to your cRIO controller using a cross-over cable.

Figure 3: Capture Interfaces Options Box

When you start capturing packets, the capture window shows the captured packets.


Figure 4: Wireshark Capture Window

There are currently no packets being transmitted across the network because the cRIO controller is still disconnected from the computer. The following steps guide you through configuring your cRIO controller and analyzing the packets being sent across the network.

  1. Power up the cRIO controller and toggle the IP Reset switch to reset the IP address.
  2. Connect the cRIO controller to the Host PC via a cross-over cable.
  3. Open Measurement & Automation eXplorer (MAX) by navigating to Start » All Programs » National Instruments » Measurement and Automation.
  4. Expand Remote Systems and make sure that you can detect the unconfigured cRIO controller. 

    Figure 5:  MAX Configuration Window

    MAX sends out UDP packets across the networks to detect remote devices, and this can be seen on the Wireshark capture window.

    Figure 6: Wireshark Capture Window

  5. Click on the Suggest Values button inside the IP Settings box and enter an IP address for your controller. 

    Figure 7: Assigning IP Address in MAX

  6. Click on the Apply button. Notice that the network is queried to make sure that there is no other system with the IP address of This can be seen on the Wireshark capture window

    Figure 8: Wireshark Capture Window showing UDP Packets

  7. Click on Capture » Stop or on the Stop button in the toolbar menu to stop capturing packets. You save the capture log by navigating to File » Save.

Once you stop capturing, the capture window still shows the captured packets. You can scroll through the list to find a packet you are interested in and click on it to see the details. The top pane shows a list of packets with times, addresses, protocols and summary information. The middle pane shows a detailed breakdown of any highlighted packet protocols, and the bottom pane shows the raw HEX and ASCII data in the packet. To view a packet in a separate window, click on View » Show Packet in New Window.

Another great feature of Wireshark is the Display Filters which allow you specify what type of protocols you want to see in the capture window. Click on Analyze » Display Filters to open the Display Filters box.  Double-click on any of the options and the opening screen will be filtered accordingly.


Back to Top

4. TCP Communication between Host and Target using LabVIEW

This section of the guide is intended to use Wireshark to analyze packets being sent from the cRIO controller and the Host PC using TCP/IP protocol. The following steps walk you through creating a LabVIEW project and setting up the entire application.

  1. Open LabVIEW 8.5 and create a new Project.
  2. Right-click on Project and select New » Target and Devices …
  3. Select Existing target or device is selected under Targets and Devices and expand Real-Time CompactRIO to find your controller. Once found, click OK to add it to your project. 

    Figure 9: Adding a Real-Time target to a LabVIEW project

  4. Add and to My Computer and CompactRIO targets respectively. These VIs are included in attached below. 

    Figure 10: LabVIEW Project Configuration

  5. Open both VIs, and enter the cRIO’s IP address in the Address control on the Front Panel of Leave all the other’s controls values as default. 

    Figure 11: Front Panel of

  6. Run first, then This example allows you to send data from the CompactRIO controller (Server) to the Host PC (client) using TCP/IP communication. Wireshark can once again be used to analyze the packets being sent across the network. 


    Figure 12: Wireshark Capture Window showing TCP Packets

  7. Right-click on any packet in the capturing window and select Follow TCP Stream to track the information being sent. This makes it easy to follow the traffic between two endpoints. 

    Figure 13: TCP Stream Window

  8. To obtain general statistics about the current capture file, click on Statistics » Summary. This gives you a general  breakdown of the data that is collected.

Figure 14: Summary Window


Back to Top

5. Summary

Wireshark is a powerful tool that can be used in a variety of ways to analyze packets being sent across the networks. It provides multiple features to better understand network communication between remote targets and host PCs.





Back to Top

Bookmark & Share




Rate this document

Answered Your Question?
Yes No