How do I capture packets from Yahoo Messenger only? Or maybe I have to set a filter after capture? I know very little about Wireshark - am working on the Windows platform. asked 17 Jan '13, 12:49  marcerickson |
One Answer:
If you know what port Yahoo Messenger uses or what IP address you're communicating with, you can set a capture filter for either the port or the IP address. For example: "tcp port 5050" or "ip host 192.168.1.10". I think, though, that Yahoo Messenger can use a range of ports, so you won't always know in advance what port will be used. If you're new to Wireshark, I recommend that you capture everything to/from your PC and then use a display filter later to focus on the Yahoo Messenger traffic. If you use the wrong capture filter, the traffic you're interested in will not be captured. If you use the wrong display filter, you won't see the traffic you're interested in, but you can just correct your display filter. Note that capture filters and display filters use different syntax. Display filters have more capability than capture filters. Here's a link to the Wireshark wiki page on capture filters and here's the display filters section of the User's Guide. answered 17 Jan '13, 13:42  Jim Aragon |
Useful. Thanks.