How to use Wireshark to capture packets

Latest reply: Feb 14, 2019 13:40:13

Procedure

1. Double-click the shortcut icon to start Wireshark.

The Wireshark home page shown in Figure 1 is displayed.

Figure 1 Wireshark home page



2. Choose Capture > Options.

The window shown in Figure 2 is displayed.

Figure 2 Capture Options window



Capture

  • Interface

    This parameter is used for selecting the NIC for packet capturing.

  • Capture Filter

    This parameter is used for setting filter criteria. After setting the filter criteria, Wireshark captures only the packets that meet the filter criteria. For example, if you enter host 10.138.5.10 in the box, only the packets sent and received by the host whose IP address is 10.138.5.10 are captured.

    This parameter allows users to set simple filter criteria. Table 1 lists typical filter criteria types.

    Table 1 Filter criteria types for Capture Filter

    | To Capture... | Enter... |
    |---|---|
    | Packets whose MAC address is 08:00:08:15:ca:fe | ether host 08:00:08:15:ca:fe |
    | Packets whose IP address is 192.168.0.10 | host 192.168.0.10 |
    | Packets whose TCP port number is 80 between the local host and other hosts | tcp port 80 |
    | Packets sent and received by the host whose IP address is 192.168.0.10 except for HTTP packets (packets whose TCP port number is 80) | host 192.168.0.10 and not tcp port 80 |

  • Capture File(s)

    This parameter is used for storing the captured packets in a file. Ensure that the storage path has sufficient space.

  • Display Options
    This parameter is used for setting whether to display packet capturing results in real time.
    • If Update list of packets in real time is selected, you can view the list of captured packets in real time.
    • If Automatic scrolling in live capture is selected, the captured packets are displayed in auto scroll mode.
    • If Hide capture info dialog is not selected, packet capturing statistics including the number of each type of captured protocol packets and the capture progress are displayed in real time, as shown in Figure 3.
      Figure 3 Real-time packet capturing statistics


3. Click Start.

Wireshark starts to capture packets. The Wireshark home page displays the information about each packet, as shown in Figure 4.

Figure 4 Wireshark home page

4. Choose Capture > Stop.

Wireshark stops capturing packets.


5. Choose File > Save As.

The Wireshark: Save File As window is displayed. Enter the file name and set the file storage path as prompted.


6. Click OK.

The captured packets are saved.


7. Choose File > Quit to exit Wireshark.
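The Table 1 capture filters, worked through as an added example that is not part of the original post: a simplified Python model (not libpcap's filter compiler) that evaluates the four expressions against constructed packet summaries. The packet names, the peer addresses and the helper functions are assumptions made for illustration.

```python
# Added example: simplified model of the Table 1 capture-filter primitives.
# Not libpcap's compiler; the packets below are constructed samples.
FIELDS = ("name", "eth_src", "eth_dst", "ip_src", "ip_dst", "proto", "sport", "dport")
HOST_MAC, PEER_MAC = "08:00:08:15:ca:fe", "00:00:5e:00:53:01"
PACKETS = [dict(zip(FIELDS, row)) for row in (
    ("http", HOST_MAC, PEER_MAC, "192.168.0.10", "192.168.0.20", "tcp", 49152, 80),
    ("ssh", PEER_MAC, HOST_MAC, "192.168.0.20", "192.168.0.10", "tcp", 50000, 22),
    ("udp80", HOST_MAC, PEER_MAC, "192.168.0.10", "192.168.0.20", "udp", 40000, 80),
    ("other-http", "00:00:5e:00:53:02", PEER_MAC, "192.168.0.30", "192.168.0.20", "tcp", 49153, 80),
)]

def _primitive(tokens, pkt):
    """Consume one (possibly negated) primitive and test it against pkt."""
    if not tokens:
        raise ValueError("incomplete filter expression")
    word = tokens.pop(0)
    if word == "not":  # negation binds tighter than and/or
        return not _primitive(tokens, pkt)
    if word == "ether" and tokens[:1] == ["host"] and len(tokens) >= 2:
        mac = tokens[1].lower()
        del tokens[:2]
        return mac in (pkt["eth_src"], pkt["eth_dst"])  # source OR destination
    if word == "host" and tokens:
        ip = tokens.pop(0)
        return ip in (pkt["ip_src"], pkt["ip_dst"])
    if word == "tcp" and tokens[:1] == ["port"] and len(tokens) >= 2:
        port = int(tokens[1])
        del tokens[:2]
        return pkt["proto"] == "tcp" and port in (pkt["sport"], pkt["dport"])
    raise ValueError(f"unsupported primitive: {word!r}")

def matches(expr, pkt):
    """Evaluate expr left to right; 'and' and 'or' share one precedence level."""
    tokens = expr.split()
    result = _primitive(tokens, pkt)
    while tokens:
        op = tokens.pop(0)
        rhs = _primitive(tokens, pkt)
        if op not in ("and", "or"):
            raise ValueError(f"expected 'and' or 'or', got {op!r}")
        result = (result and rhs) if op == "and" else (result or rhs)
    return result

def captured(expr):
    """Names of the constructed packets that the filter would keep."""
    return [p["name"] for p in PACKETS if matches(expr, p)]

if __name__ == "__main__":
    for f in ("ether host 08:00:08:15:ca:fe", "host 192.168.0.10", "tcp port 80",
              "host 192.168.0.10 and not tcp port 80"):
        print(f"{f:40} -> {captured(f)}")
```

The last filter still keeps the constructed `udp80` packet: `not tcp port 80` excludes only TCP traffic on port 80, so other protocols using that port number are captured.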



Mohamed_Ayed
Created Feb 14, 2019 13:40:13

good steps