This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to set a capture filter

0

I'm new to Wireshark and have a very basic question. How do I set a capture filter? However I set one - including selecting the samples that are included in Wireshark - it is flagged pink. I believe that means I have a syntax error. That certainly can't be the case with the sample filters so something else must be going wrong.

The filter I want to set is "host wdmycloud" or "host 192.168.1.47" - a NAS on my LAN.

I don't see how it could matter, but I'm running Wireshark on Windows 10 using Win10Pcap rather than the Pcap that comes with Wireshark. Packet capture seems to work fine ... as long as I don't want to filter it.

asked 22 Oct '16, 16:45

pokeefe0001
accept rate: 0%

Note that Win10Pcap is an external project that is not recommended by the Wireshark project.

WinPcap 4.1.3 works just as well on Windows 10 as it does on older versions of Windows, but if you need features not provided by WinPcap, such as Local Loopback or 802.11 monitor mode capture, then use the experimental replacement npcap.

(24 Oct '16, 07:36) grahamb ♦

One Answer:

1

Unless you've set a default interface, when you first launch Wireshark, no interface is selected.

Select the capture interface before you enter the capture filter. The syntax check will stay red until you've selected an interface and entered valid capture filter syntax.

answered 22 Oct '16, 18:29

Jim Aragon
accept rate: 24%

Thank you. Maybe that should have been obvious, but I missed it.

Is there a way to "close" a thread on this forum?

(22 Oct '16, 20:13) pokeefe0001

Actually, it's not that obvious, because in earlier versions, Wireshark's syntax checking would turn green as soon as you typed a valid filter, even if no interface was selected.

If you're happy with the answer, you can click to Accept it, but it's not necessary to close a thread.

(22 Oct '16, 21:20) Jim Aragon

It's not a forum, it's a Q&A site, so this isn't really a "thread" to close. Think of it as a crowd-sourced FAQ; we keep it "open" so that somebody can search the site to see if anybody else has asked the same question and gotten an answer, in which case they don't have to ask the question themselves and wait for the answer. To say "OK, this answer solved my problem, so I don't have to ask any more", you accept the answer in question, as Jim Aragon suggests.

(23 Oct '16, 18:12) Guy Harris ♦♦