Manualshelf

Quick Start Guide

ManualsBrandsWireshark ManualsSoftware$model.subName
11121314151617181920
Wireshark Quickstart Guide
17
packets sent to/from other computers that are not addressed to
your computer.
Some higher-end switches have the capability to duplicate all
traffic passing through the switch and to send the copied traffic
to a single port. This may be done by an administrator during a
troubleshooting exercise and is normally disabled. This feature
is known variously as “port mirroring” or “port spanning”
II) Your Network Adapter
Many computers today have more than one network adapter.
For example, many laptops have both wireless network adapters
(802.11 a/b/g) and wired adapters. You must make sure that
Wireshark is listening to the correct adapter or it will not see
any traffic. You can check which adapters are receiving data by
clicking on the “Capture” menu then selecting “Interface”. In
Figure 10 you can see that Wireshark believes that there are six
interfaces, but that only the first one is receiving packets. From
this dialog you can select to:
start a capture on a specific interface
configure options before starting a capture on a specific
interface
view details of a particular interface
Figure 10 Captures/Interface dialog
The default adapter is setup in the menu
“Edit/Preferences/Capture” – make sure you choose to save any
changes using the dialog button at the bottom of the window.
You can alter the selected interface for a single capture by going
through the “Capture Options” dialog (see Figure 4)
One of the options in the capture settings is to set “promiscuous
mode”. Typically, network adapters will screen out all traffic
that is not destined for the computer. With this setting
Wireshark will send a message to your network card telling it to