How to capture network traffic with Wireshark

This note introduces how to install and configure Wireshark to capture network traffics of following protocols:

This note uses Windows, it should work similary for macOS and Linux.

Install Wireshark

Download Wireshark from https://www.wireshark.org/ and install, use default install options.
On Windows, the Wireshark installer would launch the NPcap automatically, follow the installer and install NPcap with default options.

Open File Explorer, goto C:\, create a folder named temp if not found.
Hit the Windows key on your keyboard, and type env, open the Edit the system environment variables control panel item.
- Click on the Environment Variables... button at bottom - an Environment Variables dialogue appears.
- On the top half of that dialogue (User Variables) - click New....
- An input box appears, in the Variable Name field enter: SSLKEYLOGFILE.
- In the Variable Value field enter C:\temp\http-keys.log.
- Click on OK - you should see the new variable in the list.
- Click on OK to close the Environment Variables dialogue.
- Click on OK to close the System Properties dialogue.
Launch Wireshark, in the Preferences
- Goto Protocols -> TLS, In the Pre-Master Secret log filename box, enter C:\temp\https-keys.log
- Click OK and close the dialogue.
Now restart Windows so that the SSLKEYLOGFILE environment variable can take effect.

Launch Wireshark.
Double click a network adapter (usually Enternet or Wi-Fi) in the Welcome screen.
Click the first icon on the left side of the toolbar to start a capture.
Launch your browsers or applications, take actions.
Go back to Wireshark and click the red square icon to stop capturing.
Optionally, enter a filter such as Kerberos then click the right arrow button on the right side of the filter box to apply a filter.

Select an entry in the list then clear the filter, the entry would remain selected after list refreshed.
Now you can inspect the captured network traffic, or save the capture as a file.