NETWORKING

  • 02/28/2018
    6:30 AM
  • Rating: 
    0 votes
    +
    Vote up!
    -
    Vote down!

Wireshark: Configuring Interface Displays

Learn how to control what interfaces you see when using the network analyzer for troubleshooting.

In network analysis, I always stress the importance of getting familiar with your tools and understanding how they behave. There is nothing more frustrating than trying to figure out a tool while network troubleshooting. In this video, I explain how to configure which interfaces are displayed in the popular Wireshark network protocol analyzer.

As you get more familiar with Wireshark, you might notice that there are interfaces displayed that you don’t need. In certain scenarios, you might want to display only a specific interface. This is common when you have a shared/departmental troubleshooting computer or if you use more than one adapter on your computer. An example of the latter is a computer with two Ethernet adapters: one to capture packets and the other to control the computer. Some common terminology for this type of tool architecture would be Network and Management ports or Transport and Capture ports.

In the video, I show you how to determine which adapters are available and how to control which ones are displayed. It's important to stress that this technique does not disable or remove the adapter from the system. This technique simply "hides" the adapter from the Wireshark GUI, but not the CLI tools. For example if I go to my command prompt and type tshark –D, I will still see all my adapters listed even though I may have hidden all but two interfaces. I won't be able to capture traffic from the hidden adapter in Wireshark, but I can access it for other purposes.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments