Watching tutorials and reading guides has helped much, but I've noticed that the instructors in said tutorials/guides don't capture as many packets as I do when I run my chosen capture interface. When I start Wireshark and go to the Capture Interface list, it displays 1 single interface. Assuming this is the one for me, I instantly notice a difference between theirs and mine. Mine is already capturing packets: the Packets column will continue to rise (up to 26,00 captures) while the Packets/s will grow to 10 or so, then drop back to 0. When I look at theirs, they may have 10 or even none. When I select my interface I get an overflow of captured packets, which continues to capture more and more, making it super difficult to weed out the useful stuff.

asked 12 Jan '12, 08:43 n09a
edited 12 Jan '12, 12:10 multipleinte...
One Answer:
Welcome to the world of network analysis! I remember being surprised at the sheer amount of stuff going on from/to my PC when I first did a capture. Display (and Capture) filters can help you to filter out unwanted stuff so as to focus on the "useful stuff".

answered 12 Jan '12, 08:58 Bill Meier ♦♦
edited 12 Jan '12, 09:01

I've learned little with filtering. But I do know how to.. hehe. Any way I can filter through HTTP captures so I can only view Posts? (12 Jan '12, 09:01) n09a

I suspect using a display filter like http.request.method=="POST" will work. You can learn about possible field names to filter on by selecting a field in the "details" pane and then looking at the status line at the bottom of the Wireshark window to see the name of the field. (12 Jan '12, 09:12) Bill Meier ♦♦

Furthermore, most of what I'm capturing is "1514 Continuation Non-HTTP traffic". Any suggestions?
(Converted to a comment in keeping with the way this site works. Please see the FAQ).