Wireshark is an awesome tool that lets you look at network activity. It captures packets of data leaving and entering a network and displays them in a graphical user interface. I’ve found Wireshark to be an invaluable learning tool. I’ve used it to help me understand network protocols, such as TCP and HTTP, by looking at the contents of packets and seeing what actually happens step-by-step.
When you start capturing packets in Wireshark, the default behavior is to capture everything, which can be overwhelming. What if you only care to look at HTTP activity, or DNS activity, or traffic from a specific IP address? Well, that’s what filters are for. In this post, I’m going to learn how to filter all those packets so Wireshark only displays what I care about.
By the way, there are two types of filters in Wireshark: display filters and capture filters. I’m talking about capture filters.
Meh… Maybe I should not reinvent the wheel. Just go here and read it from the experts.