Tips to be better at wireshark

[Bird222]

Can you guys give some tips so I can be more proficient at using wireshark. I can scroll through and find packets but that isn't very good. How can I use filters? How can I see a stream from start to finish between two IPs or two interfaces? Or all the udp traffic between two IPs? Or capture only a certain protocol between IPs, for instance ARP? Stuff like that. Help.

 

[Gryz]

I googled "wireshark filter tutorial". And immediately got some interesting links.

This one is a tutorial for the syntax of the filtering.
https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
https://wiki.wireshark.org/CaptureFilters

It also indicated that wireshark has its own wiki.
https://www.wireshark.org/docs/wsug_html_chunked/index.html

The wiki seems huge.
You should be able to find anything your want there.

 

[unokitty]

Can you guys give some tips so I can be more proficient at using wireshark. I can scroll through and find packets but that isn't very good. How can I use filters? How can I see a stream from start to finish between two IPs or two interfaces? Or all the udp traffic between two IPs? Or capture only a certain protocol between IPs, for instance ARP? Stuff like that. Help.

Couple of things:

One
Watch the Introduction to Wireshark Video that is narrated by Gearld Coombs.

Two
Watch the other videos available on Wireshark.org

Three
Watch Laura Chappell's Youtube videos. Better yet, if you can, attend one of her Wireshark seminars...

Then, practice, practice, practice... There is no substitute for time on task!

Best of luck,
Uno