Network Analysis With Wireshark On Ubuntu Feisty Fawn - Page 2
On this page
2 Using Wireshark
Open the Wireshark (as root) application (Applications > Internet > Wireshark (as root)):
This is how Wireshark looks when you first start it:
Click on the List the available capture interfaces... button:
A new window opens with a list of available network interfaces on your system. Normally you want to capture the traffic on your primary network device (eth0 in this example), so you click on the Start button in the eth0 row to start an analysis of the traffic on that interface:
A new window opens where you can see the captured packets for various protocols. The capture goes on until you click on the Stop button:
After you stop a capture, you can find its results in the main window. You can now browse the results, apply filters, find problems, etc.:
To fine-tune future captures, you can click on the Show the capture options... button:
A new window opens where you can set parameters for the next capture. Click on Start afterwards to start the capture:
The result of a capture lists all found protocols by default. If you'd like to concentrate on a certain protocol (for example), you can apply a filter to the result. Go to Analyze > Display Filters...:
A new window opens where you can select your desired protocol (HTTP for example). Click on OK afterwards:
In the result window, you should now find HTTP traffic only - all other protocols have been filtered out:
To learn more about Wireshark usage, how to read the results, etc., take a look at the Wireshark documentation.
3 Links
- Wireshark: http://www.wireshark.org
- Ubuntu: http://www.ubuntu.com