Wireshark/Display filter

From Wikiversity
Jump to navigation Jump to search

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and filter network traffic using a display filter.

Readings[edit]

  1. Wireshark: Display Filters

Multimedia[edit]

  1. YouTube: Wireshark 101: Display Filters and Filter Options, HakTip 122

Preparation[edit]

To prepare for this activity:

  1. Start Windows.
  2. Log in if necessary.
  3. Install Wireshark.

Activity 1 - Capture Network Traffic[edit]

To capture network traffic:

  1. Start a Wireshark capture.
  2. Use ping 8.8.8.8 to ping an Internet host by IP address.
  3. Stop the Wireshark capture.

Activity 2 - Use a Display Filter[edit]

To use a display filter:

  1. Type ip.addr == 8.8.8.8 in the Filter box and press Enter.
  2. Observe that the Packet List Pane is now filtered so that only traffic to (destination) or from (source) IP address 8.8.8.8 is displayed.
  3. Click Clear on the Filter toolbar to clear the display filter.
  4. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.

References[edit]