
Using Wireshark for Packet Captures

Wireshark is a utility that displays the packets seen by a device. Packets contain the data that is transmitted between computers, and viewing them can often help diagnose issues occurring in a network. A hardwired device may not see all packets transmitted on the network: because of how modern networking equipment functions, it may see only broadcast packets and packets addressed to itself.

Installation

Please visit Wireshark's download page to download Wireshark. When downloading, simply follow the prompts. 

Taking a Capture

  1. Open Wireshark.
  2. Set up the desired capture interface.
    1. Click Capture Options.
    2. Uncheck "Enable promiscuous mode on all interfaces", check the "Promiscuous" option for your capture interface and select the interface.
    3. Optional. Rolling captures can be configured if required. This option will allow packets to be captured continuously without filling up the storage on your device.
      1. In the "Output" tab, click "Browse...".
      2. Enter a filename in the "Save As:" field and select a folder to save captures to. Click Save.
      3. Select "Create a new file automatically after..." and "Use a ring buffer with x files". This caps the number of files kept, with each file limited to the size or timeframe configured. For example, creating a new file automatically after 32 megabytes, with a ring buffer of 128 files, will provide 4 gigabytes of rolling captures.
    4. Click Start. This opens a new window that shows the packets the device is picking up.
  3. When the desired packets have been obtained, click Stop.
  4. Save the capture from the "File" menu with a distinct name.

 

In certain instances, it can be beneficial to filter a capture for a specific client's IP address or for a specific type of traffic. This filtering can be done before the capture as well as after it. If this is required, a support technician will tell you which filter to apply. The filter is entered in the filter box in Wireshark.

 

  1. Select the filter box.
  2. Enter the filter string provided by the support engineer. Click the "Apply" button.
  3. To save the filtered data, go to File -> Export Specified Packets...
  4. Make sure that the "Displayed" radio button is checked and that the file has a unique filename. Once this is complete, select "Save".
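
The two procedures above (rolling capture, then filter and export) can also be run from a terminal with dumpcap and tshark, the command-line tools installed with Wireshark. This is an added example, not part of the original article; the interface name, file paths and the 192.0.2.10 address in its usage comments are constructed placeholders.

```shell
#!/bin/sh
# Added example: dumpcap/tshark equivalents of the GUI steps on this page.
# Interface, paths and addresses are supplied by the caller; the values in
# the usage comments at the bottom are constructed samples.

# Print the command when DRY_RUN is set, otherwise execute it.
run() {
  if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Accept only positive decimal integers (no sign, no leading zero).
is_pos_int() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
}

# Upper bound on disk use of a ring buffer, in MB: file size x file count.
ring_total_mb() {
  echo $(( $1 * $2 ))
}

# rolling_capture IFACE FILE_MB FILES OUTFILE [CAPTURE_FILTER]
# dumpcap captures in promiscuous mode unless -p is given, which matches
# the "Promiscuous" option selected in the GUI steps.
rolling_capture() {
  iface=$1 file_mb=$2 files=$3 out=$4 cfilter=${5:-}
  if ! is_pos_int "$file_mb" || ! is_pos_int "$files"; then
    echo "file size and file count must be positive integers" >&2
    return 2
  fi
  # -b filesize takes kB; this example assumes 1 MB = 1000 kB.
  set -- -i "$iface" -b "filesize:$(( file_mb * 1000 ))" -b "files:$files" -w "$out"
  # A filter applied before capture uses capture-filter (libpcap) syntax.
  if [ -n "$cfilter" ]; then set -- "$@" -f "$cfilter"; fi
  run dumpcap "$@"
}

# export_filtered INFILE DISPLAY_FILTER OUTFILE
# Same result as File -> Export Specified Packets with "Displayed" selected.
export_filtered() {
  if [ -e "$3" ]; then
    echo "refusing to overwrite $3; choose a unique filename" >&2
    return 2
  fi
  # A filter applied after capture uses display-filter syntax.
  run tshark -r "$1" -Y "$2" -w "$3"
}

# Constructed usage:
#   rolling_capture eth0 32 128 /var/tmp/site.pcapng "host 192.0.2.10"
#   export_filtered site_00001.pcapng "ip.addr == 192.0.2.10" client.pcapng
```

Setting DRY_RUN=1 prints each command instead of running it, which is useful for checking the ring buffer arguments before starting a long capture.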
Article ID

ID: 1815
