Wireshark/Display filter

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and filter network traffic using a display filter.

Readings

 * 1) Wireshark: Display Filters

Multimedia

 * 1) YouTube: Wireshark 101: Display Filters and Filter Options, HakTip 122

Preparation
To prepare for this activity:
 * 1) Start your Linux or Windows system.
 * 2) Log in if necessary.
 * 3) Install Wireshark.

Activity 1 - Capture Network Traffic
To capture network traffic:
 * 1) Start a Wireshark capture.
 * 2) Use ping 8.8.8.8 to ping an Internet host by IP address.
 * 3) Stop the Wireshark capture.

Activity 2 - Use a Display Filter
To use a display filter:
 * 1) Type ip.addr == 8.8.8.8 in the Filter box and press Enter.
 * 2) Observe that the Packet List Pane is now filtered so that only traffic to (destination) or from (source) IP address 8.8.8.8 is displayed.
 * 3) Click Clear on the Filter toolbar to clear the display filter.
 * 4) Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.
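
The following added example (not part of the original activity) models what the ip.addr == 8.8.8.8 filter from Activity 2 selects, and compares it with the narrower ip.src and ip.dst fields. It builds a small constructed pcap in memory; the host address 192.168.1.10 and all packets are assumptions made for illustration.

```python
import socket
import struct

def ipv4_frame(src, dst, proto=1):
    """Build a constructed Ethernet + IPv4 frame (no payload, checksum left 0)."""
    eth = b"\x00" * 12 + b"\x08\x00"                  # EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def read_ipv4_pairs(pcap):
    """Yield (src, dst) for every IPv4-over-Ethernet packet in a pcap byte string."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24                                          # skip the global header
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])

def display_filter(pairs, field, addr):
    """Model 'ip.addr == addr', 'ip.src == addr' or 'ip.dst == addr'."""
    tests = {"ip.addr": lambda s, d: addr in (s, d),  # source OR destination
             "ip.src": lambda s, d: s == addr,
             "ip.dst": lambda s, d: d == addr}
    return [p for p in pairs if tests[field](*p)]

# Constructed capture: one ping exchange with 8.8.8.8 plus unrelated UDP traffic.
HOST = "192.168.1.10"   # assumed address of the capturing machine
SAMPLE = build_pcap([ipv4_frame(HOST, "8.8.8.8"), ipv4_frame("8.8.8.8", HOST),
                     ipv4_frame(HOST, "192.168.1.1", proto=17),
                     ipv4_frame("192.168.1.1", HOST, proto=17)])
PAIRS = list(read_ipv4_pairs(SAMPLE))

if __name__ == "__main__":
    for field in ("ip.addr", "ip.src", "ip.dst"):
        print(field, "== 8.8.8.8 ->", display_filter(PAIRS, field, "8.8.8.8"))
```

In Wireshark itself, ip.src == 8.8.8.8 shows only the echo replies and ip.dst == 8.8.8.8 shows only the echo requests, while ip.addr == 8.8.8.8 shows both.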