diff --git a/_gtfobins/wireshark.md b/_gtfobins/wireshark.md new file mode 100644 index 0000000..55cfc9f --- /dev/null +++ b/_gtfobins/wireshark.md @@ -0,0 +1,18 @@ +--- +functions: + sudo: + - description: | + This technique can be used to write arbitrary files, i.e., the dump of one UDP packet. + + After starting Wireshark, and waiting for the capture to begin, deliver the UDP packet, e.g., with `nc` (see below). The capture then stops and the packet dump can be saved: + + 1. select the only received packet; + + 2. right-click on "Data" from the "Packet Details" pane, and select "Export Packet Bytes..."; + + 3. choose where to save the packet dump. + code: | + PORT=4444 + sudo wireshark -c 1 -i lo -k -f "udp port $PORT" & + echo 'DATA' | nc -u 127.127.127.127 "$PORT" +---
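Review bot: The `code` block races against the `description`: the prose says to wait for the capture to begin before delivering the packet, but `sudo wireshark ... &` followed immediately by `echo 'DATA' | nc -u ...` sends the datagram before Wireshark has finished starting and applying the `udp port $PORT` filter, so the single packet (`-c 1`) is likely missed and the capture never stops. Either split the `nc` line out as a separate step to run once the capture is visibly active, or note in the description that the second command must be issued only after the capture has started; in its current form the example contradicts the procedure it documents. A smaller wording point in the same hunk: "write arbitrary files, i.e., the dump of one UDP packet" reads better as "e.g.", since the exported packet bytes are one way to produce the file content rather than a definition of it.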