Capturing Remote Packets Tips for Wireshark

The trick to successful protocol analysis is the ability to spot patterns. Unfortunately patterns are usually intertwined between many other packets and untangling them is challenging at best.

This is where filters come into play. Capture or Display filters help you find those patterns.

The skill of protocol analysis is determining what filter to use. I use the word ‘skill’ intentionally since we all have access to the filters in Wireshark but its how you use those filters what make Wireshark and the analyst effective.

In this video I explain what capture filter to use when you want to capture packets from remote devices. By filtering on your routers mac address, you will see all remote packets.

When using technique, the analyst should be familiar enough with their network architecture and understand how load balancing configurations may change the routers mac address, etc..

