Wireshark is the most widely used GUI network protocol analyzer. It captures live traffic or opens PCAP files, dissects hundreds of protocols, and narrows the view with display filters.
Key Wireshark display filters: 'tcp.flags.syn==1' (SYN packets), 'http.request.method==GET', 'dns', 'tls.handshake'. Use Follow TCP Stream or Follow TLS Stream to reconstruct conversations. Wireshark can decrypt TLS when given session keys or a pre-master secret log.