Wireshark

4.3. Start Capturing

One of the following methods can be used to start capturing packets with Wireshark:

  • You can get an overview of the available local interfaces using the "Capture Interfaces" dialog box. You can start a capture from this dialog box, using (one of) the "Capture" button(s).
  • You can start capturing using the "Capture Options" dialog box.
  • If you have selected the right capture options before, you can immediately start a capture using the "Capture Start" menu / toolbar item. The capture process will start immediately.
  • If you already know the name of the capture interface, you can start Wireshark from the command line and use the following:

        wireshark -i eth0 -k

     

Capture Interfaces dialog box

Description
The interface description provided by the operating system.
IP
The first IP address Wireshark could resolve from this interface. If no address could be resolved (e.g. no DHCP server available), "unknown" will be displayed. If more than one IP address could be resolved, only the first is shown (unpredictable which one in that case).
Packets
The number of packets captured from this interface, since this dialog was opened. Will be greyed out, if no packet was captured in the last second.
Packets/s
Number of packets captured in the last second. Will be greyed out, if no packet was captured in the last second.
Stop
Stop a currently running capture.
Capture
Start a capture on this interface immediately, using the settings from the last capture.
Options
Open the Capture Options dialog with this interface selected.
Details (Win32 only)
Open a dialog with detailed information about the interface.
Close
Close this dialog box.

 

 

Filter toolbar

Expression...

The middle button labeled "Add Expression..." opens a dialog box that lets you edit a display filter from a list of protocol fields.

Clear

Reset the current display filter and clear the edit area.

 

Apply

Apply the current value in the edit area as the new display filter.

 

Main window in which the packets are shown

The default columns will show:

  • No. The number of the packet in the capture file. This number won't change, even if a display filter is used.
  • Time The timestamp of the packet. The presentation format of this timestamp can be changed,
  • Source The address where this packet is coming from.
  • Destination The address where this packet is going to.
  • Protocol The protocol name in a short (perhaps abbreviated) version.
  • Info Additional information about the packet content.

There is a context menu (right mouse click) available,