How Cisco network gurus can fine-tune Wireshark output

Added by Mark Jacob, March 22, 2013

If you are a fan of Wireshark, you will enjoy the little tidbits I am going to share today. I have a sample network constructed inside GNS3, which I’m sure many of you already use. If not, may I take this moment to suggest you add it to your study materials! It is a free download, and if you have access to the actual Cisco IOS, you can build an entire network environment virtually – without having to purchase nuts and bolts equipment.

Anyway, here is my little network:

I built this to play with HSRP failover performance, but I wanted to use it for this blog just to show how you can fine-tune your Wireshark captures, or at least be more certain you are capturing the data you seek.

Once this was up and running, I got on my VMWinXP Virtual Box and generated some traffic to port 80 on R1. I have enabled ip http server on R1 to be able to respond to the requests.

It looked like this:

On the VM host, my commands looked like this:

Once I hit [ENTER], I see this:

The blank window indicates that I have succeeded in reaching my target on the associated port. Let’s see that in Wireshark, with the extra tweak I used to monitor that I was capturing what I wanted. The actual Wireshark window looks like this:


Notice the lines highlighted in green. The column headings on the far right that interest us are Source port and Dest(ination) Port. You do not normally find those in Wireshark with the default install. So how do we add them?

If I right-click anywhere on the column headings bar, I get these choices:

From that menu box, select Column Preferences to see this:

You will note that I have already created the bottom three in this list. The source and destination ports I added have the word ‘unresolved’ in parentheses. I chose this so I would see the port numbers, not the resolved names. Let me remove what I added and show you how to put those columns into Wireshark. Here is what it looks like in the default state (with my added columns removed):

From here, I click the ‘Add’ button. This creates a column titled ‘New Column’ with the field type ‘Number’, as shown below:

Just click OK and you are returned to the previous view, except now you have your new column:

Now to make it be what we want it to be. Right-click the headings bar again (just to the right of the New Column works fine), and you will see this:


Now click Edit Column Details… and see this:

Just start typing to rename the column as you desire. I will call mine ‘Source port.’ In the field type, select your field of choice. Again, I am selecting Src Port (unresolved):

Click OK and you are returned to the original window with your happily renamed column, ready to capture traffic as you have designated. You see I now have data in that column, and I have not started a new capture to get it:

Feel free to play with these settings as you dive deep into your network traffic. I just wanted to share this little trick because sometimes I want to see my captured traffic without having to delve into the additional information below the captured frames. Feel free to share your Wireshark tricks with me, as deeper inspection of traffic flow can be fun and enlightening!
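For scripted or repeatable reviews of a saved capture, the same two columns can be set from the command line with tshark, which ships with Wireshark. This is an added example, not part of the original post; the function names are hypothetical, and %uS and %uD are Wireshark's column format codes for the unresolved source and destination ports.

```shell
#!/bin/sh
# Added example (not from the original post): command-line equivalent of the
# "Source port" / "Dest port" columns built in the GUI steps above.
# Function names are hypothetical; tshark is assumed to be installed.

# Value for the gui.column.format preference: "Title","format" pairs.
# %uS = Src port (unresolved), %uD = Dest port (unresolved).
port_columns() {
    printf '%s' '"No.","%m","Time","%t","Source","%s","Source port","%uS",'
    printf '%s' '"Destination","%d","Dest port","%uD","Protocol","%p","Info","%i"'
}

# Print a saved capture with the extra port columns.
#   $1 = capture file
#   $2 = display filter (defaults to the port 80 traffic used in the post)
show_ports() {
    capture=$1
    filter=${2:-tcp.port == 80}
    [ -r "$capture" ] || { echo "cannot read capture: $capture" >&2; return 2; }
    command -v tshark >/dev/null 2>&1 || { echo "tshark not found" >&2; return 3; }
    # -o overrides the preference for this run only; the saved profile is untouched.
    tshark -r "$capture" -Y "$filter" -o "gui.column.format:$(port_columns)"
}

# Same information as tab-separated fields, convenient for sort/uniq/awk.
ports_tsv() {
    capture=$1
    [ -r "$capture" ] || { echo "cannot read capture: $capture" >&2; return 2; }
    command -v tshark >/dev/null 2>&1 || { echo "tshark not found" >&2; return 3; }
    tshark -r "$capture" -Y tcp -T fields \
        -e frame.number -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
}
```

Source the file and call show_ports with the path to a saved capture; pass a second argument to replace the default port 80 display filter.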

Until next time…

Mark Jacob
Cisco Instructor – Interface Technical Training
Phoenix, AZ
