I used Wireshark, a network packet analyzer, to capture my network traffic when I visited tigeo.com (IP address: 76.80.65.6) from a virtual private network (26.26.26.1).
If you are using a Mac, you can find your Wi-Fi and VPN IP addresses by clicking through the dashboard's Settings | Network, and you can find the IP address of the site you want to check by running the following command in the terminal.
nslookup tigoe.com
Server: 26.26.26.53
Address: 26.26.26.53#53
Non-authoritative answer:
Name: tigoe.com
Address: 208.113.163.141
<-please contact me to delete that if this IP address is private->
In this blog, I will try to document the steps I went through to capture the target records and how this process helped me understand networks better.
Find the network you want to capture
The first time I did this, I chose Wi-Fi: en0 because it's the first one, and found no records related to my Chrome events. Then, with Tom's help, I realized I should choose my virtual private network to see those records. So if you are also using something like a VPN, be sure to check the diagram on the landing page and try the networks whose diagram looks like an ECG.
Highlight rows in the detail page
The highlighted rows are marked packet text, whose appearance can be checked and customized in Preferences | Appearance | Font and Colors. Looking into the highlighted records, I found that the address I interacted with back and forth was apache2-dap.henry.dreamhost.com (208.113.163.141), which is tigoe.com's IP address.
For more on filters and other helpful tips, see Wireshark Tutorial and Cheat Sheet and Wireshark_Tutorial. You can also find some of them in Wireshark itself under Capture | Capture Filters...
tcp.port == 80 || udp.port == 80 || tcp.port == 443 || udp.port == 443 : filters for http (80) and https (443)
tcp.stream eq 25 : select a specific TCP stream
ip.dst==26.26.26.1 ; ip.src==26.26.26.1 : the source and destination's IP address
tcp.dstport == 80 : destination's port
http : http sessions, what's the difference from port name filters?
ip.addr == 192.168.0.5 : including ip.dst and ip.src

By using the IP address I looked up in the terminal (ip.addr == 76.80.65.6), I got nothing, why? Because I misspelled his name. Then I used apache2-dap.henry.dreamhost.com (208.113.163.141) as the keyword, and found 90 rows between my VPN (26.26.26.1) and apache2-dap.henry.dreamhost.com (208.113.163.141).
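The lookup-then-filter step above, as an added example that is not part of the original post: a shell helper that turns nslookup output into an ip.addr display filter, skipping the resolver's own Address line and refusing when the answer is for a different name than the site you visited. The names build_filter, SAMPLE_NSLOOKUP and capture.pcapng are assumptions made for this sketch.

```shell
#!/bin/sh
# Constructed sample: the nslookup output shown in the post.
SAMPLE_NSLOOKUP='Server: 26.26.26.53
Address: 26.26.26.53#53

Non-authoritative answer:
Name: tigoe.com
Address: 208.113.163.141'

# build_filter HOST  (hypothetical helper; reads nslookup output on stdin)
# Prints "ip.addr == A || ip.addr == B ..." for the IPv4 answers.
# Exit 1: no IPv4 answer. Exit 2: the answer is for a different name than
# HOST, e.g. the name typed into nslookup was misspelled.
build_filter() {
  awk -v host="$1" '
    # The answer section starts at the first Name: or CNAME line; the
    # "Address: x.x.x.x#53" line before it is the DNS server, not the site.
    $1 == "Name:" || /canonical name/ {
      in_answer = 1
      n = ($1 == "Name:") ? $2 : $1
      if (tolower(n) == tolower(host)) matched = 1
    }
    # Keep plain dotted-quad answers only (ip.addr is an IPv4 field).
    in_answer && $1 == "Address:" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      filter = filter (filter == "" ? "" : " || ") "ip.addr == " $2
    }
    END {
      if (filter == "") {
        print "no IPv4 answer in nslookup output" > "/dev/stderr"
        exit 1
      }
      if (!matched) {
        print "answer is not for " host ": check the spelling" > "/dev/stderr"
        exit 2
      }
      print filter
    }'
}

# Offline run on the constructed sample:
printf '%s\n' "$SAMPLE_NSLOOKUP" | build_filter tigoe.com

# Live use against a saved capture (capture.pcapng is a placeholder name):
#   tshark -r capture.pcapng -Y "$(nslookup tigoe.com | build_filter tigoe.com)"
```

Pass the host name exactly as it appears in the browser's address bar, so a typo made only in the nslookup command shows up as exit code 2 instead of an empty packet list.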