Wikiversity

Wireshark/Display filter

< Wireshark

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and filter network traffic using a display filter.

Readings

edit
  1. Wireshark: Display Filters

Multimedia

edit
  1. YouTube: Wireshark 101: Display Filters and Filter Options, HakTip 122

Preparation

edit

To prepare for this activity:

  1. Start your system Linux or Windows.
  2. Log in if necessary.
  3. Install Wireshark.

Activity 1 - Capture Network Traffic

edit

To capture network traffic:

  1. Start a Wireshark capture.
  2. Use ping 8.8.8.8 to ping an Internet host by IP address.
  3. Stop the Wireshark capture.

Activity 2 - Use a Display Filter

edit

To use a display filter:

  1. Type ip.addr == 8.8.8.8 in the Filter box and press Enter.
  2. Observe that the Packet List Pane is now filtered so that only traffic to (destination) or from (source) IP address 8.8.8.8 is displayed.
  3. Click Clear on the Filter toolbar to clear the display filter.
  4. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.

References

edit
Retrieved from "https://en.wikiversity.org/w/index.php?title=Wireshark/Display_filter&oldid=2408179"