3- SELECT A FILTER AND CAPTURE PACKETS
Time Required: 10 minutes
Objective: Learn how to select a filter in Wireshark.
Description: This project helps you learn how to select a filter in Wireshark to narrow the types of packets being captured.
1. Follow the steps in Hands-On Project 1-2 to start the Wireshark program.
2. Click Capture on the menu bar and then click Options.
3. The Capture Interfaces dialog box appears. Choose your active interface in the list and click Close.
4. Click Capture on the menu bar and then click Capture Filters. The Capture Filters dialog box appears, which displays pre-built filters included with the Wireshark product.
5. Click the filter named No ARP and no DNS, as shown in Figure 1-19. This sets a filter to ignore ARP and DNS traffic. Click OK.
[Figure 1-19: Selecting a pre-built filter. Screenshot of the Capture Filters dialog box, with two columns, Name and Filter. Entries include: Ethernet address 00:00:5e:00:53:00 (ether host 00:00:5e:00:53:00); Ethernet type 0x0806 (ARP) (ether proto 0x0806); No Broadcast and no Multicast (not broadcast and not multicast); No ARP (not arp); IPv4 only (ip). At the bottom of the window are three buttons: OK, Cancel, and Help.]
6. In the main Wireshark window, click Capture and then click Start to begin capturing broadcast packets.
7. Once data has accumulated, click Stop in the main Wireshark window to view the packets captured in this process. Examine the types of broadcasts identified in the Protocol column. If no packets appear in the Capturing window, follow step 8, step 9, step 10, and step 11 to generate traffic from the command prompt window, and then repeat step 6 and step 7.
8. Use the Start menu search box or the Search box on the task bar. Type cmd and then press Enter. A command prompt window opens.
9. Type ftp server1 and then press Enter. Assuming you do not have an FTP server named server1, your request fails.
10. Type quit and press Enter to exit the FTP program.
11. Type exit and then press Enter to close the command prompt window.
12. When finished, close the Wireshark program without saving.
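To make the effect of step 5 concrete, the following added example (not part of the original project text) emulates the filter on a few constructed Ethernet frames. It assumes the expression Wireshark's stock list pairs with "No ARP and no DNS", `not arp and port not 53`, since the figure description does not show that entry; all function names and sample frames are made up for illustration.

```python
import struct

ETH_ARP, ETH_IPV4, ETH_IPV6 = 0x0806, 0x0800, 0x86DD
TCP, UDP = 6, 17

def passes_no_arp_no_dns(frame: bytes) -> bool:
    """Emulate `not arp and port not 53` for one Ethernet II frame."""
    if len(frame) < 14:
        return False                      # too short to classify; dropped in this sketch
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    if ethertype == ETH_ARP:
        return False                      # "not arp"
    if ethertype == ETH_IPV4 and len(ip) >= 20:
        hdr_len, proto = (ip[0] & 0x0F) * 4, ip[9]
        fragment = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    elif ethertype == ETH_IPV6 and len(ip) >= 40:
        hdr_len, proto, fragment = 40, ip[6], 0   # extension headers not followed
    else:
        return True                       # no TCP/UDP ports to compare
    if proto not in (TCP, UDP) or fragment or len(ip) < hdr_len + 4:
        return True                       # ports absent (other protocol or later fragment)
    sport, dport = struct.unpack("!HH", ip[hdr_len:hdr_len + 4])
    return 53 not in (sport, dport)       # "port not 53" tests source and destination

def eth(ethertype: int, payload: bytes) -> bytes:
    # Constructed frame with placeholder MAC addresses.
    return b"\xff" * 6 + bytes.fromhex("00005e005300") + struct.pack("!H", ethertype) + payload

def ipv4(proto: int, sport: int, dport: int) -> bytes:
    # Minimal constructed IPv4 header (checksum left at 0) plus 20 bytes of layer 4.
    l4 = struct.pack("!HH", sport, dport) + bytes(16)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth(ETH_IPV4, hdr + l4)

# Constructed sample traffic, not taken from a real capture.
SAMPLES = {
    "ARP request": eth(ETH_ARP, bytes(28)),
    "DNS query (UDP dst 53)": ipv4(UDP, 49152, 53),
    "DNS reply (UDP src 53)": ipv4(UDP, 53, 49152),
    "FTP control (TCP dst 21)": ipv4(TCP, 49153, 21),
}

def kept(samples: dict) -> list:
    return [name for name, frame in samples.items() if passes_no_arp_no_dns(frame)]

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:26} {'captured' if passes_no_arp_no_dns(frame) else 'filtered out'}")
```

A capture filter discards non-matching frames before they are stored, so ARP and DNS packets excluded this way cannot be recovered later the way they can with a display filter.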