Capturing from Multiple Interfaces With Wireshark

A little while ago Wireshark introduced a really neat feature that I think many people may have missed.

When you go to Capture -> Interfaces there is a check box to the left of your interface descriptions.

As you can probably already guess, you can capture from multiple adapters simultaneously.

The good news is that your packets will now be using the same clock which makes calculating latency a lot easier.

The bad news is that you need to be aware of several things if you decide to use this feature:

• Be aware of your interface limitations. For example it is popular to use a USB to Ethernet adapter, but some of them introduce a lot of latency and drop packets.

• You need to know about the network architecture or devices that you are testing. For example; Wifi to LAN testing is different than LAN to LAN.

• Lastly, you need to figure out how to identify which packets belong with which interfaces.

In this video I tackle the last point and show you one of many ways to identify which packet belongs with which interface. From this tip you can take it any way you want. For example, you can create a color rule, you can save the packets from just one interface or even use the IO Graphs to illustrate one interface vs the other.

Enjoy