Network Computing is part of the Informa Tech Division of Informa PLC

Wireshark: Configuring Interface Displays

In network analysis, I always stress the importance of getting familiar with your tools and understanding how they behave. There is nothing more frustrating than trying to figure out a tool while network troubleshooting. In this video, I explain how to configure which interfaces are displayed in the popular Wireshark network protocol analyzer.

As you get more familiar with Wireshark, you might notice that there are interfaces displayed that you don’t need. In certain scenarios, you might want to display only a specific interface. This is common when you have a shared/departmental troubleshooting computer or if you use more than one adapter on your computer. An example of the latter is a computer with two Ethernet adapters: one to capture packets and the other to control the computer. Some common terminology for this type of tool architecture would be Network and Management ports or Transport and Capture ports.

In the video, I show you how to determine which adapters are available and how to control which ones are displayed. It's important to stress that this technique does not disable or remove the adapter from the system. This technique simply "hides" the adapter from the Wireshark GUI, but not the CLI tools. For example, if I go to my command prompt and type tshark -D, I will still see all my adapters listed even though I may have hidden all but two interfaces. I won't be able to capture traffic from the hidden adapter in Wireshark, but I can access it for other purposes.
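The following is an added example, not from the original article or the Wireshark project: it compares a tshark -D listing with the GUI's hidden-interface list to show which adapters are hidden in the GUI yet still listed by the CLI. It assumes the hidden list is stored in the Wireshark preferences file under the key capture.devices_hide as a comma-separated list; the interface names and both sample texts are constructed.

```python
import re

# Constructed sample of `tshark -D` output (not captured from a real host).
SAMPLE_TSHARK_D = """\
1. eth0 (Management port)
2. eth1 (Capture port)
3. any
4. lo (Loopback)
"""

# Constructed excerpt of a Wireshark preferences file. Assumption: hidden
# interfaces are stored as a comma-separated list under capture.devices_hide.
SAMPLE_PREFS = """\
# constructed comment line
capture.devices_hide: any,lo
"""

# "<index>. <device name> (<optional description>)"
LINE_RE = re.compile(r"^\s*(\d+)\.\s+(\S+)(?:\s+\((.*)\))?\s*$")

def parse_tshark_d(text):
    """Return [(index, name, description)] parsed from `tshark -D` output."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3) or ""))
    return rows

def parse_hidden(prefs_text):
    """Return the set of interface names hidden from the GUI."""
    for line in prefs_text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if key.strip() == "capture.devices_hide":
            return {n.strip() for n in value.split(",") if n.strip()}
    return set()

def split_by_visibility(tshark_text, prefs_text):
    """Return (gui_visible, hidden_but_listed_by_cli) as lists of names."""
    hidden = parse_hidden(prefs_text)
    names = [name for _, name, _ in parse_tshark_d(tshark_text)]
    visible = [n for n in names if n not in hidden]
    still_listed = [n for n in names if n in hidden]
    return visible, still_listed

if __name__ == "__main__":
    print(split_by_visibility(SAMPLE_TSHARK_D, SAMPLE_PREFS))
```

Every name in the second list is an adapter the GUI no longer shows but the CLI still enumerates, so hiding is a display preference, not an access control on the capture or management port.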