= WireShark =

**Summary**: How to work with wireshark. \\
**Date**: 3 January 2025 \\
{{tag>wireshark}}

== Trace in Linux ==

<code>
tcpdump -w /tmp/tracefile
</code>
You can end the trace using <ctrl> + c, after which you can open the file using wireshark.

== Display Filters ==

* Only IP-address 10.10.10.10
  * ip.addr == 10.10.10.10
* Everything except IP-address 10.10.10.10
  * !(ip.addr == 10.10.10.10)
* Everything except DNS and NTP
  * !(udp.port == 53) and !(udp.port == 123)