Skip to content

Using Wireshark to monitor TAN traffic

Wireshark is a tool that can be used to monitor traffic on a network. It can be used to monitor traffic within a TAN.


The following items are required to make use of this guide:

  • A Control Service environment
  • At least two configured Endpoints
    • Both endpoints should be able to ping and transfer data
  • Wireshark
  • Network traffic generator, such as iperf3


See "Test connectivity" to confirm connectivity between two endpoints.

Monitor traffic with Wireshark

  • Run Wireshark.
  • Double-click on a network interface to start monitoring traffic.

    A capture filter may be specified, though using display filters is likely to be more flexible.

    Choose an interface to monitor


    Monitor a local ethernet or wireless interface, such as enx00e4cd513f1 or wlp0s20f3 in the screenshot, to capture a broad range of traffic, including traffic specific to Connect.

  • When the capture has started, the display will show packets being captured: Wireshark capturing packets

  • The captured packets may be filtered using a display filter:

    The display filter text box

    To view traffic to and from an Endpoint, use ipaddr == <address>. The exact address to be used will depend on the host to be monitored and can be found in the Control Service web interface.

Refer to the Wireshark documentation for a more in-depth explanation of display filters and analysing traffic.

Generate traffic with iperf3

The iperf3 utility can be used to generate traffic between two Endpoints via the TAN.

Choose an Endpoint to act as the server, and another to act as the client.

Run iperf3 on the server Endpoint:

iperf3 -s

The output will show:

Server listening on port <port>

Make a note of the listening port <port>.

Run iperf3 on the client Endpoint:

iperf3 -c <TAN Address> -p <port>

Replace <TAN Address> with the TAN address of the Endpoint acting as server, and <port> with the port number shown by the server.

This will generate random traffic for 10 seconds, which will be visible in the network trace. The iperf3 documentation describes how to modify the traffic profile.