Basic Packet Injection (Capturing Network Traffic) Using Wireshark.
c) Once the network interface is selected, you can start the capture, and
there are several ways to do that.
d) During the capture process, Wireshark will show the following screen.
e) Once you have captured all the packets needed, use the same buttons or
menu options to stop the capture as you did to begin.
Wireshark shows you three different panes for inspecting packet data. The
Packet List, the top pane, lists all the packets in the capture. When you
click on a packet, the other two panes change to show you the details about
the selected packet. You can also tell if the packet is part of a
conversation.
Here are details about each column in the top pane:
No.: This is the number order of the packet captured. The bracket indicates
Time: This column shows how long after you started the capture this
particular packet was captured. You can change this value in the Settings
Source: This is the address of the system that sent the packet.
Protocol: This is the type of packet. For example: TCP, DNS, DHCPv6, or
ARP.
Length: This column shows you the packet’s length, measured in bytes.
Info: This column shows you more information about the packet contents,
Packet Details, the middle pane, shows you information about the packet
depending on the packet type. You can right-click and create filters based
The bottom pane, Packet Bytes, displays the packet exactly as it was captured
you can right-click the packet and select Follow to see only the packets
Capture filters limit the captured packets by the chosen filter. If the
packets don’t match the filter, Wireshark won’t save them. Examples of
a) host IP-address: This filter limits the captured traffic to and from the
IP address
b) net 192.168.0.0/24: This filter captures all traffic on the subnet
e) port not 53 and not arp: Capture all traffic except DNS and ARP traffic.
Wireshark display filters change the view of the capture during analysis. After
you’ve stopped the packet capture, use display filters to narrow down the
packets in the Packet List to troubleshoot your issue.
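
The difference between the capture filters listed above and a display filter, as an added example that is not part of the original handout. It models the filter semantics in Python over constructed packets; the function names are hypothetical and this is not how Wireshark implements filtering.

```python
import ipaddress

# Constructed sample packets (not a real capture):
# (no, src, dst, protocol, sport, dport); ARP carries no ports.
PACKETS = [
    (1, "192.168.0.10", "192.168.0.1", "DNS", 51000, 53),
    (2, "192.168.0.1", "192.168.0.10", "ARP", None, None),
    (3, "192.168.0.10", "203.0.113.5", "TCP", 51001, 443),
    (4, "192.168.0.20", "203.0.113.5", "TCP", 51002, 80),
    (5, "203.0.113.5", "192.168.0.10", "TCP", 443, 51001),
    (6, "10.0.0.7", "203.0.113.5", "TCP", 40000, 80),
]

def host(ip):
    """host IP-address: keep traffic to and from one address."""
    return lambda p: ip in (p[1], p[2])

def net(cidr):
    """net 192.168.0.0/24: keep traffic with either end on the subnet."""
    subnet = ipaddress.ip_network(cidr)
    return lambda p: any(ipaddress.ip_address(a) in subnet for a in (p[1], p[2]))

def port_not_53_and_not_arp(p):
    """port not 53 and not arp: drop DNS (port 53) and ARP."""
    return 53 not in (p[4], p[5]) and p[3] != "ARP"

def capture(packets, capture_filter):
    """Capture filter: non-matching packets are never saved."""
    return [p for p in packets if capture_filter(p)]

def display(saved, display_filter):
    """Display filter: narrows the view, the saved capture is unchanged."""
    return [p[0] for p in saved if display_filter(p)]

def numbers(saved):
    """Packet numbers (the No. column) of a saved capture."""
    return [p[0] for p in saved]

if __name__ == "__main__":
    everything = capture(PACKETS, lambda p: True)
    no_dns_arp = capture(PACKETS, port_not_53_and_not_arp)
    is_dns = lambda p: p[3] == "DNS"
    print("host:", numbers(capture(PACKETS, host("192.168.0.10"))))
    print("net:", numbers(capture(PACKETS, net("192.168.0.0/24"))))
    print("port not 53 and not arp:", numbers(no_dns_arp))
    print("DNS view, unfiltered capture:", display(everything, is_dns))
    print("DNS view, filtered capture:", display(no_dns_arp, is_dns))
```

The last two lines show the practical consequence: a packet excluded by the capture filter cannot be brought back by any display filter afterwards.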