Network sniffing (also called packet capture or packet analysis) is the practice of intercepting and logging network traffic. Every packet that travels across a network can potentially be captured and examined. Security professionals use it for troubleshooting and auditing — attackers use it to steal data.
What Is Wireshark?
Wireshark is the most widely used network packet analyser in the world. It’s free, open-source, and used by network engineers, security researchers, and hackers alike. When you run Wireshark, it captures every packet your network interface sees — source IPs, destination IPs, ports, protocols, and payload data.
What a Sniffer Can Capture
- Unencrypted HTTP traffic — full URLs, form data, passwords sent over HTTP
- DNS queries — every domain you look up
- IP addresses and ports of every connection you make
- Email content if sent unencrypted (rare now but still exists)
- Metadata of HTTPS traffic: an observer can see which sites you’re visiting, even though the content is hidden
What Encryption Protects Against Sniffing
HTTPS (TLS) encrypts the payload — a sniffer can see you connected to google.com but can’t read what you searched. A VPN goes further: it hides even the destination IP addresses, because all traffic appears to go to the VPN server. On a VPN, a local network sniffer sees only encrypted traffic going to one IP.
Who Can Sniff Your Traffic?
- On your home network: Anyone with physical access to your router or a device on your network
- On public Wi-Fi: Anyone on the same network with a laptop running Wireshark
- Your ISP: Can see all unencrypted traffic and DNS queries
- Employers: On corporate networks with monitoring software
How to Protect Yourself
- Only use HTTPS sites (check for the padlock in the address bar)
- Use a VPN on public or untrusted networks
- Use DNS over HTTPS (DoH) to encrypt DNS queries
- Avoid sensitive activities on shared or public networks