The Wireshark is the Network analyzer tool where you can check the traffic, and you can get to know what the packets are transferring from your WAN to LAN. This is a great tool to dissect the traffic, and you can analyze it further. HTTP traffic is not encrypted, so you can see the actual username and password. But in case of the encrypted traffic i.e, SSL/TLS traffic, every packet you see is Gibberish, you cannot read the content and that is because of SSL/TLS handshake where the certificate is exchanged and the client and server exchange their Encrypted cipher suites, and they agree upon to use the algorithm and for the session, the same algorithm would be used further.
In a NUTSHELL, Wireshark works on the dissector and that too will work when you install the Wireshark and the installation suites asked to install the NCAP Drivers so that the network card integrates with the Wireshark mechanism and the software is ready to dissect and map the traffic between your LAN TO WAN.
Wireshark could be useful in so many ways such as checking the number of conversations that each system is doing. When we say about the Name Resolution, it is basically the same as the DNS where every IP converts into some naming conventions. Now, this process comes into the picture whenever you get so much traffic, and you wanted to figure out by which system the server is communicating the most by checking the bytes size and the number of packets transmitted you can filter out the sessions. By default, Wireshark does not make the feature available.
Below are the steps that you need to follow to enable the Name resolution.
Step 1: Open the Wireshark On macOS:
Wireshark → Preference:
Step 2: Go to Preferences →Name Resolution.
Step 3: Enable ‘Resolve Transport Name’ and ‘Resolve Network (IP) addresses
Step 4: To confirm if it is working or not you can start the Packet Capture (PCAP) go to Statistics.
Statistics → Conversations
Step 5: Once you capture the traffic you would be able to see the ‘Name Resolution’ option in the Conversations window. If the above settings not working then, ‘Name Resolution’ would be Greyed out.
Step 6: You will be able to see the Name resolution of every packet that is being captured.