

Many packet sniffers are available, and each offers a different feature set, but Wireshark stands out from the rest thanks to its rich set of features and easy-to-use interface.

Wireshark relies on WinPcap (a packet capture and filtering engine) for its capture and analysis functions; it is bundled with the default Wireshark installation, so no separate install is needed. Previously known as "Ethereal," Wireshark presents the user with a rich GUI whose features are easy to use, and it makes packet analysis simple, even for a novice.

Let's dive deep into this tool and understand some of its features.

After installing and starting the application, the first thing to do is to choose the interface(s) to capture on. The Interface List displays all the interfaces present on the machine, so we can choose the one(s) we want to listen on. Before starting the capture, we should also decide whether we want to capture in promiscuous mode. If promiscuous mode is enabled (it is enabled by default), Wireshark captures every packet it can see on the network; otherwise only packets to and from the machine running Wireshark are captured. This setting is available from the Options button in the Capture Interfaces list, and from there we start the capture. Depending on the amount of network traffic, packets are then captured and listed in the interface in real time for analysis. Figure 1 shows the interface list and the options to start the capture.

Figure 2. Wireshark packet capture color coding

Packet filtering is an essential feature. We have seen how Wireshark captures packets in real time and displays them in the interface; now let's see how to filter these packets. During a capture, packets of many kinds (protocols) are captured, and we usually need to focus on some specific ones.
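As an added illustration (not code from the original article or from the Wireshark project), the following Python models the two stages described above: which frames a NIC delivers without promiscuous mode versus with it, and a small subset of Wireshark's display-filter syntax applied to the dissected fields. The MAC addresses, the frames and the filter grammar are constructed for the example.

```python
import struct

# Constructed for this example: the capturing host's MAC and two peers on the same LAN.
OWN_MAC = bytes.fromhex("02aabbccdd01")
PEER_A = bytes.fromhex("02aabbccdd02")
PEER_B = bytes.fromhex("02aabbccdd03")
BROADCAST = b"\xff" * 6

def build_frame(dst, src, proto, sport, dport):
    """Constructed Ethernet II frame + minimal IPv4 header + L4 ports (no checksums)."""
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, proto, 0, 0]) + b"\x0a\x00\x00\x01\x0a\x00\x00\x02"
    return dst + src + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)

def nic_accepts(frame, promiscuous):
    """Without promiscuous mode the NIC only hands up frames to/from this host, broadcast or multicast."""
    dst, src = frame[:6], frame[6:12]
    if promiscuous:
        return True
    return OWN_MAC in (dst, src) or dst == BROADCAST or bool(dst[0] & 1)

def dissect(frame):
    """Expose the headers built above under Wireshark-style field names."""
    fields = {"eth.dst": frame[:6].hex(":"), "eth.src": frame[6:12].hex(":")}
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:      # not IPv4: nothing more to dissect
        return fields
    l4 = 14 + (frame[14] & 0x0F) * 4                          # Ethernet header + IHL*4
    name = {6: "tcp", 17: "udp"}.get(frame[23], "ip")         # IPv4 protocol number
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    fields[f"{name}.srcport"], fields[f"{name}.dstport"] = str(sport), str(dport)
    fields[f"{name}.port"] = {str(sport), str(dport)}         # either side, as in Wireshark
    return fields

def matches(fields, expr):
    """Tiny display-filter subset: 'field == value' terms joined with '&&'."""
    for term in expr.split("&&"):
        field, value = (part.strip() for part in term.split("=="))
        present = fields.get(field)
        if present is None:
            return False                                       # field absent: term is false
        if not (value in present if isinstance(present, set) else present == value):
            return False
    return True

def capture(frames, promiscuous, display_filter=""):
    """Stage 1: what the NIC delivers. Stage 2: what the display filter leaves on screen."""
    delivered = [dissect(f) for f in frames if nic_accepts(f, promiscuous)]
    return [f for f in delivered if not display_filter or matches(f, display_filter)]
```

On a switched network, even promiscuous mode only sees what the switch forwards to that port, so a unicast frame between two other hosts (PEER_A to PEER_B here) normally needs a mirror/SPAN port or a tap to reach Wireshark at all.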
