a network protocol analyzer (or "packet sniffer") that can be used for
network analysis, troubleshooting, software development, education,
etc. This guide shows how to install and use it on an Ubuntu 9.10
desktop to analyze the traffic on the local network card.
Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.
I am trying to set up a filter (so my log files aren't massive) that will capture only incoming traffic. I have looked on http://wiki.wireshark.org/CaptureFilters but so far have been unable to find a way to do this. Does anyone know how?
Just as a side question, when logging to multiple files in Wireshark, can you view full packet information at a later time?
The filtering capabilities of Wireshark are very comprehensive. You can filter on just about any field of any protocol, even down to the hex values in a data stream. Sometimes, though, the hardest part about setting a filter in Wireshark is remembering the syntax! So below are the top 10 display filters that I use in Wireshark. Please comment below and add any common ones that you use as well.