LoveMyTool - Open Community for Network Management and Monitoring

Author Profile - My name is Joke (pronounced \yo-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.

What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.

Wireshark: Wireless Display and Capture Filters samples

Display filters
You can apply display filters, when you want to look for specific data in capture files. The packets, that don't match the Display Filter are hidden, but not removed from the capture file.

There are different ways to apply display filters.
A way to use display filters is to start typing in the Filter Input Field in the Filter Toolbar.
You can take advantage of the autocomplete function. When the back-ground of the filterbox turns green the filter string is valid.
Don't forget to hit Apply or Enter to apply the filter.

You can also copy and paste filter strings into the Filter Input Field.

Here are some examples:

• Show only the beacon frames:
  wlan.fc.type_subtype == 0x08
• Show everything except the beacon frames:
  !wlan.fc.type_subtype == 0x08
• Show only beacon frames and ack frames:
  (wlan.fc.type_subtype == 0x08) || (wlan.fc.type_subtype == 0x1d) 
• Show everything except the beacon and ack frames
  (!wlan.fc.type_subtype == 0x08) && (!wlan.fc.type_subtype == 0x1d)

You will find more information in the Wireshark User's Guide and in the Wireshark Wiki.

Continue reading to learn more about capture filters.

Click on image to enlarge

Author Profile - My name is Joke (pronounced \yo-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.

What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.

PlayCap: Playback for Wireshark Capture Files.
Alan Ott has developed the tool PlayCap.
PlayCap is an application, that runs on Linux and Windows. PlayCap plays back capture files made from Wireshark, tcpdump, WinDump, or any other libpcap-based application.

You can download PlayCap here.
Continue reading to learn more.

Author Profile - My name is Joke (pronounced \yo-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.

What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.

Wireshark: the benefits of marking packets
There are several reasons to mark packets:

• Mark packets of particular interest when you scroll through a trace file.
  It's easy to find previous marked packets in a large trace files.
  
• Save marked packets.
• Apply a display filter, mark the packets and save those packets to a separate trace file.
• Use Mark Packets to save 2 or more tcp and/or udp streams to a separate file.

Options
You find the options and shortcut keys under the "Edit" menu:

• Mark Packet (toggle) - CTRL+M
  Mark or unmark the selected packet.
• Find Next Mark - Shift+CTRL+N
  Jump to the next marked packet in the trace file.
• Find Previous Mark - Shift+CTRL+B
  Jump to the previous marked packet in the trace file.
• Mark All Packets - CTRL+A
  Mark all packets, that are currently displayed.
• Unmark All Packets - CTRL+D
  Unmark all marked packets, that are currently displayed.

Notes:
You can also right-click a packet in the Packet List and choose Mark Packet (toggle) from the context menu.
You cannot save the marks in a trace file. You loose the marks, when you close the file.

Continue reading, download the sample file and follow along.

Author Profile - My name is Joke (pronounced \yō-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.

What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.

Wireshark & Windows 7
In fact the title should sound like HowTo run Wireshark and HowTo install WinPcap 4.1 beta 5 on Windows 7.
Well, there are some issues:
one concerns Wireshark and the other WinPcap.

Let's start with running the previous versions on Windows 7.
Here you can download all the versions of Wireshark.

Installing Wireshark 1.0.8 or 1.1.3 with WinPcap 4.0.2 on Windows 7.
The Wireshark Installer includes WinPcap.
Previous versions of Wireshark, e.g. stable release 1.0.8 or development release 1.1.3 come together with WinPcap 4.0.2. It's no problem to install those on Windows 7.

You might get surprised, when you try to run wireshark:

Author Profile - My name is Joke (pronounced \yō-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.

What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.

Wireshark 1.2.0 & GeoIP

A cool new feature in Wireshark.

Wireshark supports MaxMind's GeoIP. You can use their databases to match IP addresses to countries, city's and other bits of information. The information about all known IP address locations can be displayed on a map.

In this article I will tell you which steps you have to take to use this new feature.

Get Wireshark Now

Click here to get the latest version.

It's free!

Windows - OS X - Linux - Others