diff --git a/slides/debugging-common-tools/debugging-common-tools.tex b/slides/debugging-common-tools/debugging-common-tools.tex
index 2062cf49c0..189c1639dc 100644
--- a/slides/debugging-common-tools/debugging-common-tools.tex
+++ b/slides/debugging-common-tools/debugging-common-tools.tex
@@ -627,3 +627,36 @@ \subsection{Networking observability tools}
 \includegraphics[height=0.80\textheight]{slides/debugging-common-tools/bpf-capture.pdf}
 \end{columns}
 \end{frame}
+
+\begin{frame}{Wireshark}
+ \begin{itemize}
+ \item Similar to tcpdump, but with a GUI
+ \item Also based on libpcap
+ \begin{itemize}
+ \item Can capture and use the same BPF capture filters
+ \item Can load and save the same file formats
+ \begin{itemize}
+ \item Useful for embedded: capture on the target with tcpdump,
+ analyze on the host with Wireshark
+ \end{itemize}
+ \end{itemize}
+ \item Has {\em dissectors} to decode hundreds of protocols
+ \begin{itemize}
+ \item Each individual value from each packet is dissected into a
+ separate field
+ \item Fields are very fine-grained, at least for the most common
+ protocols
+ \end{itemize}
+ \item Has {\em display filters} that allow filtering {\em already
+ captured} packets
+ \begin{itemize}
+ \item Each dissected field is also a filter key
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{Wireshark}
+ \begin{center}
+ \includegraphics[height=0.88\textheight]{slides/debugging-common-tools/wireshark.png}
+ \end{center}
+\end{frame}
diff --git a/slides/debugging-common-tools/wireshark.png b/slides/debugging-common-tools/wireshark.png
new file mode 100644
index 0000000000..7bdddb9fe6
Binary files /dev/null and b/slides/debugging-common-tools/wireshark.png differ
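Review bot: The `Useful for embedded` sub-item in the first new frame recommends copying captures from the target to the host, but says nothing about what such a file contains. A capture written by tcpdump normally holds packet payloads, so it can carry credentials or other sensitive data off the device. A sub-item such as `\item Capture files contain payloads: narrow them with a capture filter and treat them as sensitive data` would cover this. The same sub-item could note that the offline workflow is also the safer one, since the dissectors parse untrusted traffic and need no capture privileges when reading a saved file. On style, the three `{\em ...}` groups use the old font switch; `\emph{dissectors}` is the LaTeX2e form, unless the rest of the file (not visible here) uses `{\em}` throughout.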