60 | | Once you open the wireshark you will get the following interface. you can select the interface that you want to capture packets clicking on the intarface listed there. Then you can click the '''blue shark fin button''' to capture the packets. |
| 60 | Once you open the wireshark you will get the following interface. you can select the interface that you want to capture packets clicking on the intarface listed there. Then you can click the '''Start Capture''' to capture the packets. |
| 61 | |
| 62 | You will see the packets capturing. Click the '''Stop Capture''' button when you want to stop the capturing. |
| 63 | |
| 64 | You can change the interface and add or remove filter by clicking the '''Options''' button. |
| 65 | |
| 66 | === Filters === |
| 67 | |
| 68 | Wireshark has lot of filters. Let's try a simple filter. Let's capture only the packets that are usinf ICMP protocol. |
| 69 | |
| 70 | You will the filter text field in the wireshark interface. Type '''icmp''' there and start capturing. You can try different filters. |
| 71 | |
| 72 | - '''ip.addr == <Your IP address>''' [Sets a filter for any packet with 10.0.0.1, as either the source or dest] |
| 73 | - '''ip.addr==<Your IP address> && ip.addr==<neighbors IP address>''' [sets a conversation filter between the two defined IP addresses] |
| 74 | - '''http or dns''' [sets a filter to display all http and dns] |
| 75 | - '''tcp.port==53''' [sets a filter for any TCP packet with 4000 as a source or dest port] |
| 76 | - '''http.request''' [displays all HTTP GET requests] |
| 77 | - '''!(arp or icmp or dns)''' [masks out arp, icmp, dns, or whatever other protocols may be background noise. Allowing you to focus on the traffic of interest] |
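Review bot: two entries in the filter list at the end of this hunk describe a different value than the expression they sit next to, so the placeholders introduced there are inconsistent with their explanations: `ip.addr == <Your IP address>` is explained as matching 10.0.0.1, and `tcp.port==53` is explained as matching port 4000; either restore the literal values in the expressions or update the bracketed text, e.g. `[sets a filter for any TCP packet with 53 as a source or dest port]`. The `http.request` entry also overstates what the filter does: it displays every HTTP request regardless of method, so the description should read "displays all HTTP requests" (restricting to GET needs `http.request.method == "GET"`). Since line 60 is being edited anyway, the same change could fix the spelling in the surrounding text ('intarface' on that line, 'usinf' in the Filters intro, 'You will the filter text field' is missing 'see') and the inconsistent 'wireshark'/'Wireshark' capitalization.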