diff --git a/README.md b/README.md index c9c4cf5..285800a 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,15 @@ You can also login with one of the example accounts, e.g. `alice.doe` and passwo **NB** nginx is setup with a self-signed certificate that you have to trust before being able to access the local Nexus home page. +## Network Packet Capture + +You can easily capture and see traffic from the host with the `wireshark.sh` +script, e.g., to capture the traffic from the `lo` interface: + +```bash +./wireshark.sh nexus lo +``` + # Notes ## Check for a component existence diff --git a/wireshark.sh b/wireshark.sh new file mode 100755 index 0000000..d5fe8e1 --- /dev/null +++ b/wireshark.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -euox pipefail + +vm_name=${1:-nexus}; shift || true +interface_name=${1:-lo}; shift || true + +mkdir -p shared +vagrant ssh-config $vm_name >shared/$vm_name-ssh-config.conf +exec wireshark \ + -o "gui.window_title:$vm_name $interface_name" \ + -k \ + -d 'tcp.port==6001,http' \ + -d 'tcp.port==6002,http' \ + -d 'tcp.port==6003,http' \ + -d 'tcp.port==8081,http' \ + -i <(ssh -F shared/$vm_name-ssh-config.conf $vm_name "sudo tcpdump -s 0 -U -n -i $interface_name -w - not port 22")
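Review bot: The new "Network Packet Capture" section in README.md shows only the invocation and leaves out what the script depends on and what it writes. From wireshark.sh, worth documenting here: it needs `wireshark` on the host and runs `sudo tcpdump` inside the VM over `vagrant ssh-config` credentials; both arguments are optional and default to `nexus` and `lo`; port 22 is excluded from the capture; and each run writes `shared/$vm_name-ssh-config.conf`. A sentence noting that ports 6001, 6002, 6003 and 8081 are decoded as HTTP would also tell readers why those streams show up dissected.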
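Review bot: In wireshark.sh, `$vm_name` and `$interface_name` are expanded unquoted, and `$interface_name` is interpolated into the string that ssh passes to the remote shell ahead of `sudo tcpdump`, so an argument containing whitespace or shell metacharacters changes the command that runs as root in the VM. Quote the local expansions (`vagrant ssh-config "$vm_name" >"shared/$vm_name-ssh-config.conf"`, `ssh -F "shared/$vm_name-ssh-config.conf" "$vm_name"`) and reject any interface or VM name that does not match a conservative pattern such as `^[A-Za-z0-9_.:-]+$` before building the remote command. Separately, `vm_name=${1:-nexus}; shift || true` relies on `|| true` to survive `set -e` when no arguments are given; a short comment saying so would help the next reader.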