Introduction
In this lab you will use the Wireshark packet analyzer to capture and display the control information and data stored in packets transmitted over a network. Wireshark collects network traffic data and creates files that display packet header information in a layered format like that used by the Internet model. These layers can be expanded to view details that may prove helpful in determining the source of problems that your network might be experiencing. Creating filters that hide unwanted data and facilitate data analysis will also be discussed in this lab.
Starting Wireshark
To begin, click the Start button on the Windows Task Bar. Click the All Programs option in the System menu to show all menu choices (Figure 1). Click the Wireshark choice to start the application. Note: If you do not see the Wireshark choices in the menu, you will need to install Wireshark on your computer. Consult Appendix E for detailed instructions on how to download, install, and configure Wireshark.
Figure 1: The All Programs menu showing the Wireshark choices
Figure 2: The Wireshark splash screen
After launching Wireshark, the Wireshark splash screen (Figure 2) appears while the application is loading program components into computer memory. After all components are loaded the splash screen disappears and the Wireshark application window appears (Figure 3). The Wireshark application window includes a menu bar, the main toolbar, and a filter toolbar. In Figure 3 the Capture menu has been expanded to show its menu choices. The Interfaces choice lets you assign a network adapter for capturing packet data transmitted over the network. Clicking the Stop choice terminates a capture session. The Capture Filters choice provides an interface for specifying conditions that hide unwanted information in the capture display. Notice that shortcuts for the Interfaces, Start, and Stop options are available on the main toolbar directly beneath the menu bar. The Filter