Wireshark/Capture filter
Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and filter network traffic using a capture filter.
Readings
[edit | edit source]Preparation
[edit | edit source]To prepare for this activity:
- Start Windows.
- Log in if necessary.
- Install Wireshark.
Activity 1 - Capture Network Traffic Using a Capture Filter
[edit | edit source]To capture network traffic using a capture filter:
- Select either the Capture menu and then the Interfaces dialog box or the List the available capture interfaces toolbar button.
- Select Options.
- Double-click on the interface you want to use for the capture.
- In the Capture Filter box type host 8.8.8.8.
- Select OK to save the changes.
- Select Start to start a Wireshark capture.
- Use ping 8.8.8.8 to ping an Internet host by IP address.
- Use ping 8.8.4.4 to ping an Internet host by IP address.
- Observe that only traffic to (destination) or from (source) IP address 8.8.8.8 is captured.
- Stop the Wireshark capture.
- Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.