It’s often more helpful to capture packets using
tcpdump rather than
wireshark, as it is available as a package in most Linux and BSD package managers. For example, you might want to do a remote capture and either don’t have GUI access or don’t have Wireshark installed on the remote machine.
Older versions of
tcpdump truncate packets to 68 or 96 bytes. If this is the case, use -s to capture full-sized packets: