This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Setting up capture interface

0

Hi, I'm a new WS user, and I'm wondering how to set up the capture interface. There are 4 available interfaces for me: 1. Local Area Connection 2. Ethernet 3. Wi-Fi 4.Bluetooth Network Connections.

As for 1,2, and 4, I am unable of receiving any packets. As for 3, the Ethernet, I get non-stopping packets when I've just started my computer. Most importantly, For TCP, it shows "Ethernet Frame Check Sequence Incorrect," and I'm unable of getting any UDPs.

I am very lost. I have Windows 8 64 bit and wincap installed.

asked 15 Nov '14, 17:23

Davis's gravatar image

Davis
1223
accept rate: 0%

can someone please explain to me what am I doing wrong?

(16 Nov '14, 10:15) Davis

One Answer:

0

For the first part of your question, you will only see packets on interfaces that are actually in use. You can check this using the "Interfaces" display of Wireshark, from the main panel display, from the Capture Menu or via Ctrl + I. You'll see the packet count go up for the interfaces in use. You can check what those interfaces really are from a Cmd or Powershell prompt with ipconfig /all.

For the second part, lots of packets are expected if your computer is sending or receiving data, that's where the magic happens.

For the third part, you have either mistyped or are confused. Ethernet does have Frame Check Sequence bytes, but normally you don't see them, and this is different to TCP Checksum bytes.

If it is the Ethernet Frame Check Sequence, try disabling that part of the Ethernet dissector (in the packet details pane, right click the "Ethernet II" entry and the go to "Protocol Preferences" and make sure "Assume packets have FCS" and "Validate the Ethernet checksum if possible" aren't checked.

If it is the TCP Checksum, again, right click that part of the packet details, go to "Protocol Preferences" and make sure "Validate the TCP checksum if possible" isn't checked.

answered 16 Nov '14, 13:04

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Hi, I have posted a photo of what I see when I'm under wifi. all of these arps and tcps take up the page, and I have no clue what this means. Thank you for your help. http://postimg.org/image/i2xnhl48p/

(17 Nov '14, 14:28) Davis