Packet List - this lists the packets received, clicking on a packet here will show it in the Packet Details and Packet Bytes sections There are three elements to Wireshark's display of packets: Once a packet capture has been started, it will show traffic like this. Selecting interfaces in this window and clicking Start would start the packet capture. Low-level packet analysis such as observing network issues usually does not benefit from these facilities. It is recommended to untick the Name Resolution options as this alters some values in the packet capture file to make it easier to read for high-level packet analysis. Otherwise Wireshark will discard packets not intended for the PC doing the packet capture. Ticking "Use promiscuous mode on all interfaces" is recommended, Promiscuous Mode allows Wireshark to receive packets that are not intended for the PC running Wireshark, which is necessary if capturing packets from a network. Local Area Connection, make sure to untick Capture on all interfaces, otherwise Wireshark would capture packets from other interfaces such as the wireless network adapter. If capturing from a single interface i.e. Viewing the Capture Options will show all detected network interfaces and offer additional options for capturing packets. Listing the Capture Interfaces will show this window, which shows all detected network interfaces (wired or wireless) and clicking Start here will start a packet capture: If nothing is entered here, it will show all packets received. The Display Filter box is used to control which packets Wireshark shows in the packet list, details on how to use this are in the Filtering Packet Captures tab. Restart Capture is only available once a packet capture has been started or stopped, this clears the packet list and restarts the capture Stop Capture will stop an active packet capture and allow the packet capture to be saved into a file Start Capture will start a packet capture on all selected interfaces To start capturing packets, it's necessary to select the interface to capture from, which is set from the List of Capture Interfaces and Capture Options windows. The important menu options are located in the main toolbar: The application will initially show the main screen: Install the application (which will include WinPcap, a separate program that facilitates the capturing of network traffic by the Wireshark program) and run it once it has installed successfully.
0 kommentar(er)
