Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
Use wireshark to capture ...

Use wireshark to capture packets

Latest reply: Dec 29, 2018 09:30:00 2465 9 10 0 0
display all floors 1#

Hi, everyone! Today I’m going to introduce how to use Wireshark to capture packets.

After the software is started, the buttons in the red box are as follows from left to right:
-The list displays the network packages of all network adapters, which are seldom used.
-Display packet capture options. Generally, you can click this button to start capturing packets.
-Start new packet capture. Generally, few packets are used.
-Stop capturing packets. After you capture packets, it is stopped.
-Clear the captured packets to prevent the device from changing the card when the packet capture time is too long.
In fact, we only need to know the functions of the buttons in bold to capture packets. The rest is how to capture the data packets you want and how to analyze the problems.

154447ykzkxr15ettbtiix.png

In the following figure, the page for capturing packets is the second button. In the same way, only the most commonly used functions are described. In the following figure, the red box in the following figure is the network adapter to be captured, after you select a network adapter, the IP address of the network adapter is displayed.
Capture Filter is the place where packet capture rules are to be written. It is also called “ filtering rule ”. Many rules are written in this frame. After the rules are written, click Start to capture packets.

154522f2u3uk3dmub252b3.png

After capturing packets, if you need to analyze the captured packets, choose File > Save As to save the captured packets, as shown in the following figure.

154535kcjlp00hunnj0ahh.png

OK, here, the basic use of the method is finished, then step into the key content.

The most common problem when Wireshark is used is that when you use the default settings, a large amount of redundant information is generated, which makes it difficult to find the required part. That's why the filter is so important. They can help us quickly find the information we need in the complex results.

Differences between filters
Capture filter (CaptureFilters): It is used to determine what information is recorded in the capture result. Set this parameter before starting capturing.
Display filter (DisplayFilters): Perform detailed search in the capture result. They can be modified at will after the capture results are obtained.
So what kind of filter should I use?

The purposes of the two filters are different.
The capture filter is the first layer of filter that data passes through. It is used to control the number of captured data to avoid large log files.
The display filter is a more powerful (complex) filter. It allows you to quickly and accurately find the required records in the log file.

If you have any problems, please post them in our Community. We are happy to solve them for you!

  • x
  • convention:

Like (10) Dislike (0) Favorite(0) Share Report
Previous: Users Frequently Go Offline After Passing MAC Address Authentication
Next: Basic Commands for Configuring IS-IS
yiyi0519
Created Dec 21, 2018 08:37:54

when you deal with the network issue, the wireshark is very helpful
View more
  • x
  • convention:
Hain
Created Dec 21, 2018 08:58:53

I come to the forum to see technical posts every day, sooner or later I will become an expert.Use wireshark to capture packets-2825953-1
View more
  • x
  • convention:
Yolanda_617
Created Dec 21, 2018 09:36:07

Very helpful
View more
  • x
  • convention:
3li
Created Dec 21, 2018 15:00:34

Thanks you
View more
  • x
  • convention:
3li
Created Dec 21, 2018 15:01:08

Its hard
View more
  • x
  • convention:
user_2915719
Created Dec 22, 2018 05:49:39

Clear tutorial of using, you should try to write about some advanced functions Use wireshark to capture packets-2827111-1
View more
  • x
  • convention:
MR.HTC
Created Dec 25, 2018 17:54:31

It's useful
View more
  • x
  • convention:
dagui
Created Dec 27, 2018 07:31:26

Capture Filter is the place where packet capture rules are to be written. Can you provide a more detailed explanation?
View more
  • x
  • convention:
chouhao
Created Dec 29, 2018 09:30:00

from this case, I learned the way to use wireshark to capture packets. thanks for sharing, we learned a lot from this good case.wish you can share much about this product.
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.