I find Wireshark pretty hard to figure out, so here's a quick way to get started:
- Capture > Options > WiFi, and click on the Start button in the lower right corner. Or, on the Wireshark Welcome page just double click Wifi. Loopback is for listening on localhost.
- In your browser, navigate to some website, like google.com
- You will see a massive amount of data scroll by in the Wireshark window.
To make sense of all the data:
- Make sure View > Colorized Packet List is checked.
- To display only the http lines, there is a text input right above the data window that says: Apply display filter. Type in: http. Then on the far right of the tex input click the blue arrow to apply the display filter. You can get as specific as you want with a display filter. There are also some default display filters that you can access from a drop down list by clicking the blue icon to the left of the text input.
- Then double click on one of the displayed http lines in the main window, and in the popup window start expanding the disclosure triangles.
- In the bottom pane where the hexdump is displayed, you can right click the pane and choose between hex and binary format. On the right hand side of the hexdump pane, you can see the text; periods represent non printing characters. If you hover over one of the periods, the hex/binary representation on the left side will be highlighted.
- To clear the display window, in the Wireshark toolbar click on the third icon from the left: a green shark fin.