Wikiversity

Wireshark/Display filter

< Wireshark

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and filter network traffic using a display filter.

Readings edit

  1. Wireshark: Display Filters

Multimedia edit

  1. YouTube: Wireshark 101: Display Filters and Filter Options, HakTip 122

Preparation edit

To prepare for this activity:

  1. Start your system Linux or Windows.
  2. Log in if necessary.
  3. Install Wireshark.

Activity 1 - Capture Network Traffic edit

To capture network traffic:

  1. Start a Wireshark capture.
  2. Use ping 8.8.8.8 to ping an Internet host by IP address.
  3. Stop the Wireshark capture.

Activity 2 - Use a Display Filter edit

To use a display filter:

  1. Type ip.addr == 8.8.8.8 in the Filter box and press Enter.
  2. Observe that the Packet List Pane is now filtered so that only traffic to (destination) or from (source) IP address 8.8.8.8 is displayed.
  3. Click Clear on the Filter toolbar to clear the display filter.
  4. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.

References edit

Retrieved from "https://en.wikiversity.org/w/index.php?title=Wireshark/Display_filter&oldid=2408179"