WireShark Tutorial (Part 3 Capture Filters And Selecting your Target)



Hello and welcome to part 3 of the WireShark tutorials. In part 1 and 2 we learned what software you need, and how to start capturing your own traffic. Today we are going to learn about Capture Filters. First Open WireShark. WireShark Capture Filters

Capture Filters

  1. Press Capture options .
  2. Select your capture device.
  3. Enable promiscuous mode. (should be on by default)
  4. Enter the filters you would like to use. First we want to select a target, Ill be using 123.456.789.0 as a reference IP

Capture only traffic to or from IP address 123.456.789.1

host 123.456.789.1

Capture traffic to or from a range of IP addresses:
If you have multiple targets that you want to scan like 123.456.789.1 and 123.456.789.5 you can use the “net” command.

net 123.456.789/24

Imagine that you want to scan traffic on the target but not all of its ports. You can set a port range with the “portrange” command and select the target, so the code should be as bellow?

tcp portrange 1501-1549 host 123.456.789.1


No the input field turns red and that tells you something is wrong.
When you tell Wireshark to use multiple filters you need to use the “and” command.

tcp portrange 1501-1549 and host 123.456.789.1



As you can see the field turns green.

Let me now of you guys have questions
And remember to follow me for the next part.