What you want to filter on exactly depends on your specific situation and purpose, of course. Most of the following display filters work on live capture, as well as for imported files, giving you the possibility to filter on almost any field of any protocol, down to the HEX values of your data streams. You can even compare values, search for strings, hide unnecessary protocols and so on. Thankfully, Wireshark allows the user to quickly filter all that data, so you only see the parts you’re interested in, like a certain IP source or destination. Capturing so many packets, means that you will end up seeing huge captured files. Unfortunately, the amount of information you will get when capturing a network line can be daunting. One of the most used network protocol analyzer out there, it analyzes the files that come out of your network TAP (called also a packet capture device) or your computer’s NIC and lets you have an in-depth look into their parameters, messages, format, etc.
This is where a tool like Wireshark comes in handy.
Most of the times, when your network crashes or you come across an issue, you have to search through your captured packets to find the problem.
0 kommentar(er)
