Chapter 4. Working with Captured Packets

image with no caption

Now that you’ve been introduced to Wireshark, you’re ready to start capturing and analyzing packets. In this chapter, you’ll learn how to work with capture files, packets, and time-display formats. We’ll also cover more advanced options for capturing packets and dive into the world of filters.

Working with Capture Files

As you perform packet analysis, you will find that a good portion of the analysis you do will happen after your capture. Usually, you will perform several captures at various times, save them, and analyze them all at once. Therefore, Wireshark allows you to save your capture files to be analyzed ...

Get Practical Packet Analysis, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.