Wireshark/Display filter

From Wikiversity
Jump to navigation Jump to search

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and filter network traffic using a display filter.

Readings[edit | edit source]

  1. Wireshark: Display Filters

Multimedia[edit | edit source]

  1. YouTube: Wireshark 101: Display Filters and Filter Options, HakTip 122

Preparation[edit | edit source]

To prepare for this activity:

  1. Start your system Linux or Windows.
  2. Log in if necessary.
  3. Install Wireshark.

Activity 1 - Capture Network Traffic[edit | edit source]

To capture network traffic:

  1. Start a Wireshark capture.
  2. Use ping to ping an Internet host by IP address.
  3. Stop the Wireshark capture.

Activity 2 - Use a Display Filter[edit | edit source]

To use a display filter:

  1. Type ip.addr == in the Filter box and press Enter.
  2. Observe that the Packet List Pane is now filtered so that only traffic to (destination) or from (source) IP address is displayed.
  3. Click Clear on the Filter toolbar to clear the display filter.
  4. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.

References[edit | edit source]