Wireshark/Capture filter

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and filter network traffic using a capture filter.

Readings

 * 1) Wireshark: Capture Filters

Preparation
To prepare for this activity:
 * 1) Start Windows.
 * 2) Log in if necessary.
 * 3) Install Wireshark.

Activity 1 - Capture Network Traffic Using a Capture Filter
To capture network traffic using a capture filter:
 * 1) Open the capture interfaces list, either from the Capture menu by selecting Interfaces or with the List the available capture interfaces toolbar button.
 * 2) Select Options.
 * 3) Double-click on the interface you want to use for the capture.
 * 4) In the Capture Filter box type host 8.8.8.8.
 * 5) Select OK to save the changes.
 * 6) Select Start to start a Wireshark capture.
 * 7) Use ping 8.8.8.8 to ping an Internet host by IP address.
 * 8) Use ping 8.8.4.4 to ping an Internet host by IP address.
 * 9) Observe that only traffic to (destination) or from (source) IP address 8.8.8.8 is captured.
 * 10) Stop the Wireshark capture.
 * 11) Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.
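
The same activity can be run from PowerShell with tshark, the command-line tool installed alongside Wireshark, which also lets you check the result in step 9 automatically. This is an added example, not part of the original activity. It assumes the default install path, capture interface number 1, a capture file name chosen here, and a session with permission to capture.

```powershell
# Assumption: default Wireshark install path on Windows; adjust if installed elsewhere.
$tshark = 'C:\Program Files\Wireshark\tshark.exe'
# Assumption: capture interface number 1; list the real ones with: & $tshark -D
$iface  = '1'
# Assumption: hypothetical file name for this demonstration.
$pcap   = Join-Path $env:TEMP 'capture-filter-demo.pcapng'

# Start a 20-second capture using the capture filter from step 4.
# -f sets a capture filter, so packets that do not match are never written to the file.
$capArgs = @('-i', $iface, '-f', '"host 8.8.8.8"', '-a', 'duration:20', '-w', "`"$pcap`"")
$cap = Start-Process -FilePath $tshark -ArgumentList $capArgs -PassThru -NoNewWindow

Start-Sleep -Seconds 3               # give the capture time to start
ping.exe -n 4 8.8.8.8 | Out-Null     # step 7: should be captured
ping.exe -n 4 8.8.4.4 | Out-Null     # step 8: should be dropped by the filter
$cap.WaitForExit()                   # capture stops itself after 20 seconds

# Read the capture back and list each distinct IPv4 source/destination pair.
# -T fields prints the chosen fields separated by a tab, one packet per line.
$pairs = & $tshark -r $pcap -T fields -e ip.src -e ip.dst |
    Where-Object { $_ -match '\S' } |    # skip frames with no IPv4 header
    Sort-Object -Unique
$pairs

# Step 9 as a check: every captured IPv4 packet has 8.8.8.8 as source or destination.
$unexpected = $pairs | Where-Object { ($_ -split "`t") -notcontains '8.8.8.8' }
if ($unexpected) {
    Write-Warning "Traffic not involving 8.8.8.8 was captured: $unexpected"
} else {
    Write-Output 'Only traffic to or from 8.8.8.8 was captured.'
}

# Discard the captured traffic, as in step 11.
Remove-Item $pcap
```

Because the capture filter is applied before packets are stored, the pings to 8.8.4.4 cannot be recovered from the file afterwards; a display filter, by contrast, only hides packets that were already captured.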