Wireshark Revealed: Essential Skills for IT Professionals

Verifying a good capture

After a capture is complete, you should scroll through and inspect the packets in the Packet List pane to ensure that you're seeing the traffic you were expecting—usually traffic to and from a specific host.

You should also ensure there were no dropped packets, which would be displayed in the Packet Information section of the Status Bar at the bottom center of the Wireshark user interface. Dropped packets indicate that Wireshark or the selected NIC could not keep up with the traffic volume and had to discard packets, which could of course affect the quality of your analysis. If dropped packets occur, you may need to use a higher-performance workstation to perform the captures or choose a capture location with a lower traffic volume.
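The same dropped-packet check can be made offline against a saved capture. The following is an added example, not code from the book: it reads the received and dropped counters from the Interface Statistics Blocks of a pcapng file, assuming the capture was saved as pcapng and the capturing tool wrote those blocks. The function names and the sample bytes are constructed for illustration.

```python
import struct

SHB, ISB = 0x0A0D0D0A, 0x00000005          # pcapng block types
COUNTERS = {4: "isb_ifrecv", 5: "isb_ifdrop", 7: "isb_osdrop"}  # ISB option codes

def block(btype, body, e="<"):
    """Build one pcapng block; used only to construct the sample below."""
    body += b"\x00" * (-len(body) % 4)
    total = len(body) + 12
    return struct.pack(e + "II", btype, total) + body + struct.pack(e + "I", total)

def drop_stats(data):
    """Return {interface_id: {counter: value}} from every ISB in pcapng bytes."""
    stats, off, e = {}, 0, "<"
    while off + 12 <= len(data):
        if struct.unpack_from("<I", data, off)[0] == SHB:
            # Byte-order magic 0x1A2B3C4D sets endianness for the section.
            e = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, total = struct.unpack_from(e + "II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError(f"corrupt or truncated block at offset {off}")
        if btype == ISB and total >= 24:
            body = data[off + 8:off + total - 4]
            iface = struct.unpack_from(e + "I", body, 0)[0]
            pos = 12                        # skip interface ID and 64-bit timestamp
            while pos + 4 <= len(body):
                code, length = struct.unpack_from(e + "HH", body, pos)
                if code == 0:               # opt_endofopt
                    break
                if code in COUNTERS and length == 8:
                    value = struct.unpack_from(e + "Q", body, pos + 4)[0]
                    stats.setdefault(iface, {})[COUNTERS[code]] = value
                pos += 4 + length + (-length % 4)
        off += total
    return stats

def sample_capture():
    """Constructed sample: SHB + IDB + ISB reporting 10000 received, 37 dropped."""
    shb = block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    idb = block(1, struct.pack("<HHI", 1, 0, 262144))   # Ethernet, snaplen
    opts = (struct.pack("<HHQ", 4, 8, 10000) + struct.pack("<HHQ", 5, 8, 37)
            + struct.pack("<HH", 0, 0))
    return shb + idb + block(ISB, struct.pack("<III", 0, 0, 0) + opts)

if __name__ == "__main__":
    for iface, c in drop_stats(sample_capture()).items():
        print(f"interface {iface}: {c}", "DROPS" if c.get("isb_ifdrop") else "clean")
```

To check a real capture, pass the bytes of your own saved pcapng file to `drop_stats`; a nonzero `isb_ifdrop` or `isb_osdrop` means the capture is incomplete.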