Analyzing network connections with Wireshark


General

Sometimes an application does not work as intended, and the network communication may be one of the suspected causes.

To investigate the network communication of an application, one can use tools that capture network packets. One such tool is Wireshark.

In this article we will demonstrate how to use Wireshark to capture network packets for inspection by, for example, the developer of an application. In particular we will be using the Squish GUI Tester floating license server and its client as an example.

Setup

For Windows and macOS, you can download Wireshark at https://www.wireshark.org/, and for Linux it can usually be installed via the package manager of the Linux distribution.

The installer may ask whether regular users should be granted access for capturing packets. One can refuse this, but then one needs to start the application as an administrator/with elevated rights for it to be able to capture network packets.

Usage

When first launching Wireshark, it will look somewhat like this:

Here all the network devices of the current computer can be seen. One must select the network interface that the packets for the license server will go through.

Normally that is either the Ethernet or the WiFi interface, depending on how the computer is connected to the network.

If the current user account has no network monitoring rights, one will only see a few virtual interfaces here. If no actual network hardware interfaces are shown, one may need to grant oneself these rights, or contact the system administrator.

If in doubt, please select all interfaces available for capturing.

Filtering

To capture only the packets from the license server, one needs to set up a filter in this field:

The ideal filter for this is:

        tcp port PORT_NUMBER

In this, "PORT_NUMBER" must be replaced with the desired numeric port number, for example in case of the license server it may be "49345" (the default of the license server, but the specific license server setup may use a different TCP port).

Collecting Network Packets

To start collecting network packets, click on the blue shark fin on the toolbar or press Ctrl+e.

To stop collecting network packets, click on the red square next to the shark fin, or press Ctrl+e again.

When packet collection starts, the UI will change to look somewhat like this:

When packets have been collected, new lines will be added to the list.

Now that collecting network packets is enabled, one should try to repeat the failing activity, or contact the license server again (to stick to our example here), by running the part of the Squish setup again where the license issue occurs, and check to see if packets show up in the list.

After this, the collected network packets can be saved via Ctrl+s or via File > Save. (This will only save the packets that are visible in the list at that point in time.)
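
A saved capture can also be triaged offline before it is passed on. The following is an added example, not part of the original article or of Squish: it reads a capture saved in the classic pcap format (an assumption; Wireshark's default is pcapng) and reports, for each client connection attempt to the license port, whether the server answered, refused, or never replied. The function names and the sample capture are constructed for illustration.

```python
import struct
from socket import inet_ntoa

LICENSE_PORT = 49345  # default port named in the article; change for your setup

def tcp_segments(pcap: bytes):
    """Yield (src, sport, dst, dport, flags) per IPv4/TCP frame of a classic pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24 or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap with Ethernet link type (re-save as pcap)")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # Need Ethernet + minimal IPv4 header, EtherType IPv4, protocol TCP.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip IPv4 header incl. options
        if len(tcp) >= 14:
            sport, dport = struct.unpack("!HH", tcp[:4])
            yield inet_ntoa(frame[26:30]), sport, inet_ntoa(frame[30:34]), dport, tcp[13]

def triage(pcap: bytes, port: int = LICENSE_PORT) -> dict:
    """Map (client, client_port, server) to 'answered', 'refused' or 'no reply'."""
    state = {}
    for src, sport, dst, dport, flags in tcp_segments(pcap):
        syn, rst, ack = flags & 0x02, flags & 0x04, flags & 0x10
        if dport == port and syn and not ack:       # client SYN to the server
            state.setdefault((src, sport, dst), "no reply")
        elif sport == port and (dst, dport, src) in state:
            if syn and ack:                         # SYN-ACK: server is listening
                state[(dst, dport, src)] = "answered"
            elif rst and state[(dst, dport, src)] == "no reply":
                state[(dst, dport, src)] = "refused"  # RST: nothing listening
    return state

def _frame(src, dst, sport, dport, flags):
    """Build one pcap record holding a bare Ethernet/IPv4/TCP header (sample data)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    eth = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: client 10.0.0.5 tries three servers on the license port.
C, S1, S2, S3 = (10, 0, 0, 5), (10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 3)
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame(C, S1, 50001, 49345, 0x02), _frame(S1, C, 49345, 50001, 0x12),
    _frame(C, S2, 50002, 49345, 0x02), _frame(S2, C, 49345, 50002, 0x14),
    _frame(C, S3, 50003, 49345, 0x02)])
```

Calling `triage(open("capture.pcap", "rb").read())` on a real capture gives the same mapping; "no reply" typically points at a firewall or a wrong host, "refused" at a server that is not listening on that port.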