How to check a website in Wireshark?
Wireshark is a network protocol analyzer that captures network traffic and presents it in a human-readable text format.
It has many features and allows you to extract and filter different types of data. I recently asked a question on how to detect if a website's HTML/JavaScript code redirects to another website.
In this article, I will demonstrate how to capture and display web content using Wireshark. The script below is the one used to capture the site. It uses cURL to get the webpage response and displays the HTML page source in a human-readable text format using the Wireshark console.
The steps to test for website redirection are as follows. Open the cURL script that is used to capture the website page response in Wireshark. Start Wireshark and make sure the capture is running (View menu > Preferences > Capture and Playback). From the capture menu choose File > New. Then select tcp or udp and check if http or https is selected.
Under Filters, type https; this will match all pages that use https instead of http as the protocol. To capture only specific URLs on the web page, you may create more than one capture filter for the http/https protocol, but in our case we will just use the simple https filter we created. Filter the capture with the cURL script so that only the web page is displayed. Click Run, and you should see a new frame appear in the left window. This represents the HTTP headers, including cookies and connection information, and the web page that is requested. The script is now ready to be inspected.
In Wireshark, right-click on the frame of the web page and click Follow TCP Stream. This will start the traffic capture process again and display the frame in the left window showing the captured response.
In the Wireshark console, the browser window should open automatically, and there you can type commands to change frames, columns, and other settings. Now let's follow the HTTPS redirection by typing in the URL of the first website you want to test. For example, type www.google.com and press the Enter key.
If a 302 code is returned to the browser, the Wireshark capture will display a new frame.
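To check a followed stream for redirects without reading it by eye, the sketch below (an added example, not the article's cURL script) scans the text shown by Follow TCP Stream for 3xx responses with a Location header, meta refresh tags, and JavaScript location assignments. It assumes the stream is plaintext or already decrypted HTTP saved as text; the function name and the sample stream with its example hostnames are constructed for illustration.

```python
import re

# Constructed sample of a followed stream (placeholder hosts, plaintext HTTP).
SAMPLE_STREAM = (
    "GET / HTTP/1.1\r\nHost: site.example\r\n\r\n"
    "HTTP/1.1 302 Found\r\nLocation: https://other.example/landing\r\n"
    "Content-Length: 0\r\n\r\n"
    "GET /page HTTP/1.1\r\nHost: site.example\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    "<html><head>"
    "<meta http-equiv=\"refresh\" content=\"0; url=https://third.example/\">"
    "</head><body>"
    "<script>window.location.href = 'https://fourth.example/x';</script>"
    "</body></html>"
)

# A response starts with a status line at the beginning of a line; the
# header block runs up to the first empty line.
RESPONSE = re.compile(
    r"^HTTP/\d(?:\.\d)? (\d{3})[^\r\n]*\r?\n(.*?)\r?\n\r?\n", re.S | re.M)
LOCATION = re.compile(r"^Location:[ \t]*(\S+)", re.I | re.M)
# HTML-level redirect: <meta http-equiv="refresh" content="N; url=...">
META = re.compile(
    r"<meta[^>]+http-equiv=[\"']?refresh[\"']?[^>]*?url=([^\"'>\s]+)", re.I)
# Script-level redirect: location = '...' or window.location.href = '...'
SCRIPT = re.compile(
    r"(?:window\.|document\.)?location(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']",
    re.I)


def find_redirects(stream: str) -> list[tuple[str, str]]:
    """Return (kind, target) pairs for every redirect seen in the stream."""
    findings = []
    for match in RESPONSE.finditer(stream):
        status, headers = match.group(1), match.group(2)
        location = LOCATION.search(headers)
        # A 3xx without Location (for example 304) is not a redirect.
        if status.startswith("3") and location:
            findings.append((f"http-{status}", location.group(1)))
    findings += [("meta-refresh", url) for url in META.findall(stream)]
    findings += [("javascript", url) for url in SCRIPT.findall(stream)]
    return findings


if __name__ == "__main__":
    for kind, target in find_redirects(SAMPLE_STREAM):
        print(f"{kind:13} -> {target}")
```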
How can I monitor what websites are being visited?
Can I be more precise about which domains my child is accessing, and at what time?
Is it possible to block this, at least for a part of my child's internet activity? I use the Google Chrome browser. Thanks.
You can't block sites with your browser. The best way to monitor web activity is to set up a regular schedule. At the end of the day turn on the computer and monitor the sites the child visited as soon as you get home. That way there is very little chance of missing anything important. Keep a log of any unusual activity such as time, pages, length of visits and repeat visits. When the child gets older, have your child tell you what they were doing on the computer. Also look at installed applications to see if any are running in the background.