
How to install and use Wireshark (Ethereal) for Ethernet Packet Sniffing

Wireshark Installation and Usage

This document was put together to assist in the installation and usage of an Ethernet packet sniffing utility called Wireshark.

To install Wireshark, go to http://www.wireshark.org/download.html and follow the instructions.

Once installed, you will be able to use Wireshark to view Ethernet packets. To start a trace, click on the second icon from the upper left.



This will open the capture options.  Select the ones you need and click 'start' to begin.  Note you can update the list of packets in real time under 'display options' below.


The trace should now be running.  You can finish it by clicking the 'stop running trace' button.  It's the 4th from the top left.




You can also filter the trace. In the display filter text field, you can enter different commands to filter the packets to only see the ones you're interested in. For instance, you may want to track a unit by its IP address; the command for this would be "ip.addr == x.x.x.x" where x.x.x.x is the IP address of the unit. You may also want to watch the device by its MAC address, as this will show you all the packets it sends out, including the ones it sends out before it gets an IP address. To do this you would use the syntax "eth.addr == xx:xx:xx:xx:xx:xx" where xx:xx:xx:xx:xx:xx is the MAC address.
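Why the MAC filter sees more than the IP filter, as an added example that is not part of the original article: the Python script below applies the matching rules of Wireshark's `ip.addr` and `eth.addr` display filter fields to a small constructed trace. All MAC and IP addresses in it are made-up sample values.

```python
import socket
import struct

UNIT_MAC, UNIT_IP = "02:00:00:aa:bb:01", "192.0.2.10"   # constructed sample values

def mac(text):
    """'02:00:00:aa:bb:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def frame(src_mac, dst_mac, src_ip, dst_ip):
    """Constructed Ethernet II frame carrying a bare 20-byte IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip

def eth_addr_matches(pkt, addr):
    """Like 'eth.addr == addr': source or destination MAC equals addr."""
    return len(pkt) >= 14 and mac(addr) in (pkt[0:6], pkt[6:12])

def ip_addr_matches(pkt, addr):
    """Like 'ip.addr == addr': IPv4 frame whose source or destination is addr."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return False
    return socket.inet_aton(addr) in (pkt[26:30], pkt[30:34])

def select(trace, matches, addr):
    """Return the 1-based frame numbers that pass the filter."""
    return [n for n, pkt in enumerate(trace, 1) if matches(pkt, addr)]

BCAST = "ff:ff:ff:ff:ff:ff"
SERVER_MAC = "02:00:00:aa:bb:fe"
TRACE = [  # constructed trace: the unit boots, gets a lease, then talks
    frame(UNIT_MAC, BCAST, "0.0.0.0", "255.255.255.255"),      # DHCP discover
    frame(UNIT_MAC, BCAST, "0.0.0.0", "255.255.255.255"),      # DHCP request
    frame(UNIT_MAC, SERVER_MAC, UNIT_IP, "192.0.2.1"),         # after the lease
    frame("02:00:00:aa:bb:02", SERVER_MAC, "192.0.2.20", "192.0.2.1"),  # other host
]

if __name__ == "__main__":
    print("by IP :", select(TRACE, ip_addr_matches, UNIT_IP))
    print("by MAC:", select(TRACE, eth_addr_matches, UNIT_MAC))
```

The two broadcast frames the unit sends from 0.0.0.0 pass only the MAC filter, which is why filtering by MAC is the better choice when troubleshooting address assignment.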





You can save the contents of the trace by opening the 'File' menu and choosing the 'Save As' option.

Wireshark has much more functionality than what we describe here, so if you have time, we recommend reading through the help files and trying out different settings to get a better feel for what is possible with this application.