Wireshark uses WinPCAP as an interface to exchange data messages directly with the network card, so you need to install WinPcap_4_1_3.exe first.

Wireshark captures the network packets of a certain network card on the machine. When there are multiple network cards on the machine, you need to select a network card. Then click the "Start" button to start capturing packets.

The functions of the frequently used buttons, from left to right, are as follows. Some options need to be set when capturing packets; generally, the last setting result will be retained. You can open a file that was captured and saved before: not only files saved by Wireshark, but also files saved by tcpdump with the -w parameter. You can save the results of this packet capture or analysis. After the file is closed, Wireshark switches back to the initial interface.

Click the setting button among the common buttons, and the setting options dialog box will pop up. In this dialog box, we can select the interface to be monitored, set promiscuous mode, and set the filter conditions for capturing data packets.

1. Select the interface that needs to monitor and obtain data packets. The interface list area lists all available interfaces. If the check box in front of an interface is checked, that interface is listening to capture packets.

2. Set promiscuous mode, which puts the network card into promiscuous mode. If you don't set promiscuous mode, your computer can only get the data packets sent to and from your computer. If promiscuous mode is set, you can capture all data packets in the LAN. If the check box in front of "Use promiscuous mode on all interfaces" is checked in the window, promiscuous mode is used for all interfaces. If you want to set it separately, double-click the interface in the interface list, and the following dialog box will pop up. Then check or clear the check box in front of "Capture packets in promiscuous mode" and click the OK button.

3. Set the capture filter conditions. There is a "Capture Filter" item both in the main setting dialog box opened by clicking the setting button and in the dialog box opened by double-clicking the interface list. In the text box we can set capture filter conditions. For example, if we only want to capture HTTP-related packets, we can set the capture condition to "port 80", because HTTP uses port 80.

Finally, after all the settings are completed, click the "Start" button in the main settings window to start capturing data. After the data is captured, you can click the "Save" button among the frequently used buttons to save the data.

The use of display filters

Display filters are applied to the capture file and tell Wireshark to display only those packets that meet the filter criteria. Display filters are more commonly used than capture filters. They can be used to hide packets that you don't want to see, but they do not delete the data; if you want to restore the full view, just delete the filter condition.

With the filter expression dialog box, Wireshark can easily set a filter expression. Click the "Expression" button to open this dialog box. On the left are all the protocol fields that can be used; in the middle is the relationship between the protocol field and the condition value; on the right are the condition values related to the protocol field. Filter expressions are useful for beginners. As shown in the figure above, the function of the expression we created is to display only those packets whose HTTP protocol data contains the keyword "". After clicking the triangle mark in front of a protocol, you can list the filterable fields of that protocol.
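The difference drawn above between a capture filter ("port 80", applied before packets are stored) and a display filter (applied to the saved capture without deleting anything), as an added Python example that is not part of the original page: it builds a few constructed TCP frames, writes and reads them in the classic pcap format that tcpdump -w and Wireshark's Save use, and applies each kind of filter in turn. The frame builder, pcap reader and filter helpers are the example's own simplified code, not Wireshark's or libpcap's.

```python
import struct

# Constructed sample segments (sport, dport, payload): two HTTP requests on port 80, one TLS-ish on 443.
SAMPLE_FRAMES = [
    (40000, 80, b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (40001, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (40002, 443, b"\x16\x03\x01\x00\x05login"),
]

def build_frame(sport, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums stay zero because nothing below checks them."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + tcp

def to_pcap(frames):
    """Classic little-endian pcap container, as written by tcpdump -w or Wireshark's Save."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def from_pcap(data):
    # Only the little-endian magic is handled; a real reader would also accept the byte-swapped one.
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    frames, pos = [], 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack("<I", data[pos + 8:pos + 12])[0]
        frames.append(data[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
    return frames

def tcp_view(frame):
    """Return (sport, dport, payload) of an Ethernet/IPv4/TCP frame."""
    ihl = (frame[14] & 0x0F) * 4
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return sport, dport, tcp[(tcp[12] >> 4) * 4:]

def capture_filter_port(frames, port):
    """Like the BPF capture filter "port 80": non-matching packets are never stored."""
    return [f for f in frames if port in tcp_view(f)[:2]]

def display_filter_contains(frames, keyword):
    """Like the display filter http contains "keyword": a view over the stored capture,
    which stays intact, so clearing the filter restores every packet."""
    return [f for f in frames if keyword.encode() in tcp_view(f)[2]]
```

With the capture filter in place, the port-443 segment that also carries "login" never reaches the capture file at all, which is exactly the difference the text draws between filtering before and after packets are stored.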