To analyze packets when troubleshooting connectivity, performance, or security issues, you first have to capture all of the right packets, and then identify and isolate just the packets that pertain to the goal at hand.
In this chapter, we will cover the following topics:
Picking the best capture point
TAPs and switch port mirroring
Wireshark's capture interfaces, filters, and options
Verifying a good capture
Isolating the conversation(s) of interest
Using the Wireshark Conversations window
Wireshark's display filters
Filtering expression buttons
Following TCP/UDP/SSL streams
Marking and ignoring packets
Saving filtered traffic
You'll recognize many of these activities as the ones we performed in Chapter 1, Getting Acquainted with Wireshark, to perform a capture and filter just the packets involved in loading a web page. In this chapter, we'll expand on them and round out your skills in all these topics.