Wireshark/Display filter

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and filter network traffic using a display filter.

Readings

  1. Wireshark: Display Filters

Multimedia

  1. YouTube: Wireshark 101: Display Filters and Filter Options, HakTip 122

Preparation

To prepare for this activity:

  1. Start Windows.
  2. Log in if necessary.
  3. Install Wireshark.

Activity 1 - Capture Network Traffic

To capture network traffic:

  1. Start a Wireshark capture.
  2. Use ping 8.8.8.8 to ping an Internet host by IP address.
  3. Stop the Wireshark capture.

Activity 2 - Use a Display Filter

To use a display filter:

  1. Type ip.addr == 8.8.8.8 in the Filter box and press Enter.
  2. Observe that the Packet List Pane is now filtered so that only traffic to (destination) or from (source) IP address 8.8.8.8 is displayed.
  3. Click Clear on the Filter toolbar to clear the display filter.
  4. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.
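
The matching performed by the display filter in Activity 2 can be reproduced outside Wireshark. The following Python script is an added example, not part of the original activity: it builds a small constructed capture in classic pcap format and returns the frame numbers that ip.addr == 8.8.8.8 keeps, with ip.src and ip.dst shown for comparison. The function names, the 192.168.1.x addresses and the sample frames are assumptions made for the illustration.

```python
import struct
from ipaddress import IPv4Address

def ipv4_frame(src, dst, proto=1):
    """Constructed Ethernet + IPv4 header only (zero MACs, checksum 0, no payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip          # EtherType 0x0800 = IPv4

def write_pcap(frames):
    """Serialize frames as a classic little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_ipv4_addrs(pcap):
    """Yield (frame_number, src, dst) for every IPv4-over-Ethernet record."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off, num = 24, 0                             # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]   # captured length
        frame = pcap[off + 16:off + 16 + incl]
        off, num = off + 16 + incl, num + 1
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield num, str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))

def display_filter(pcap, field, addr):
    """Frame numbers kept by `<field> == addr` for ip.addr, ip.src or ip.dst."""
    pick = {"ip.src": lambda s, d: (s,),
            "ip.dst": lambda s, d: (d,),
            "ip.addr": lambda s, d: (s, d)}[field]   # ip.addr covers both fields
    return [n for n, s, d in read_ipv4_addrs(pcap) if addr in pick(s, d)]

# Constructed sample capture: traffic to and from 8.8.8.8 among unrelated frames.
SAMPLE = write_pcap([
    ipv4_frame("192.168.1.10", "8.8.8.8"),            # 1: to 8.8.8.8 (protocol 1 = ICMP)
    bytes(12) + b"\x08\x06" + bytes(28),              # 2: ARP, carries no IP header
    ipv4_frame("8.8.8.8", "192.168.1.10"),            # 3: from 8.8.8.8 (protocol 1 = ICMP)
    ipv4_frame("192.168.1.10", "192.168.1.1", 17),    # 4: unrelated UDP
])

if __name__ == "__main__":
    for field in ("ip.addr", "ip.src", "ip.dst"):
        print(field, "== 8.8.8.8 ->", display_filter(SAMPLE, field, "8.8.8.8"))
```

The ip.addr filter keeps both directions of the exchange, while ip.src and ip.dst each keep only one, which is why ip.addr is the usual choice when reviewing all traffic involving a single host.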

References

This article is issued from Wikiversity - version of the Thursday, March 03, 2016. The text is available under the Creative Commons Attribution/Share Alike license, but additional terms may apply for the media files.