How to Use Wireshark for Network Diagnostics
✅ Step 1: Install Wireshark
•Download from https://www.wireshark.org
•Install with default settings. The installer may also install WinPcap or Npcap, which are required for packet capture.
NB: Ensure your IT network infrastructure (for example, firewalls and antivirus software) allows the Wireshark trace.
✅ Step 2: Start a Capture
1. Ensure that the network adapter's IP address is in the same range as the device whose traffic you want to capture.
2. Open Wireshark
3. Select the network interface (e.g., Ethernet or Wi-Fi) you want to monitor.
4. Click Start Capturing Packets (the blue shark fin icon).
✅ Step 3: Reproduce the Issue
•Perform the action or wait for the issue to occur (e.g., device fault or communication drop).
•Wireshark will capture all network traffic during this time.
✅ Step 4: Stop and Filter the Capture
•Click the red square to stop capturing.
•Use filters to narrow down the data. Examples:
  •ip.addr == 192.168.1.10 – traffic to/from a specific device.
  •modbus – if using Modbus protocol.
  •tcp.port == 502 – common for Modbus TCP.
✅ Step 5: Analyze the Traffic
•Look for:
  •Retransmissions or timeouts (these indicate network issues).
  •Malformed packets or protocol errors.
  •Missing acknowledgments or connection resets.
✅ Step 6: Save and Share
•Save the capture file (.pcapng) and share it with your support team for deeper analysis.
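The checks from Steps 4 and 5, written out as an added Python example (not part of the original article and not a Schneider Electric or Wireshark tool): it narrows a capture to TCP port 502 and counts repeated data segments and resets, using a simplified rule rather than Wireshark's own TCP analysis. It assumes the capture was saved in the classic little-endian pcap format rather than .pcapng; the function names, the client address 192.168.1.20 and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

def tcp_frame(src, dst, sport, dport, seq, flags, payload=b""):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def to_pcap(frames):
    """Wrap frames in a classic little-endian pcap container (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def diagnose(pcap, port=502):
    """Count packets, repeated data segments and resets seen on one TCP port."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap file (convert .pcapng first)")
    stats, seen, off = Counter(), set(), 24          # 24 = size of the pcap global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                  # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        t = 14 + ihl                                  # start of the TCP header
        if len(frame) < t + 20:
            continue                                  # truncated TCP header
        sport, dport, seq = struct.unpack_from("!HHI", frame, t)
        if port not in (sport, dport):
            continue                                  # same idea as tcp.port == 502
        data_len = struct.unpack_from("!H", frame, 16)[0] - ihl - (frame[t + 12] >> 4) * 4
        stats["packets"] += 1
        if frame[t + 13] & 0x04:                      # RST flag: connection reset
            stats["resets"] += 1
        key = (frame[26:34], sport, dport, seq)       # addresses, ports, sequence number
        if data_len > 0:                              # only data segments are compared
            stats["retransmissions"] += key in seen   # True adds 1, False adds 0
            seen.add(key)
    return stats

# Constructed sample: a client repeats one Modbus read request to 192.168.1.10, then is reset.
CLIENT, DEVICE = (192, 168, 1, 20), (192, 168, 1, 10)
READ_REQ = bytes.fromhex("000100000006010300000002")  # constructed Modbus TCP read request
SAMPLE = to_pcap([tcp_frame(CLIENT, DEVICE, 50000, 502, 1000, 0x02)]
                 + [tcp_frame(CLIENT, DEVICE, 50000, 502, 1001, 0x18, READ_REQ)] * 3
                 + [tcp_frame(DEVICE, CLIENT, 502, 50000, 1, 0x14),
                    tcp_frame(CLIENT, DEVICE, 50001, 80, 7, 0x02)])
```

Calling `diagnose(SAMPLE)` on the constructed capture reports 5 packets on port 502, 2 retransmissions and 1 reset; the frame on port 80 is filtered out.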
Released for: Schneider Electric Indonesia

