Note : This is the classic/original FAQ. For the very latest articles and new content for UK/Ireland users, please visit the Product Knowledgebase here



How to use Wireshark / Ethereal

Capturing IP Packets on your PC

Wireshark is an excellent, free third-party tool for examining the data that your PC is sending at the TCP/IP level (across the Ethernet). It is often referred to as a 'sniffer'. Wireshark is not a DrayTek-produced or supported product, but we provide some installation documentation as a courtesy here.

Wireshark will capture data packets coming in and out of your PC and is therefore very useful to an engineer for diagnosing problems, or improving compatibility with specific applications. Although these instructions look long and complicated, the program is actually very easy to use and reasonably intuitive, though we would not recommend Wireshark for novices.

  1. Download Wireshark for Windows 98/Me/XP/2k/7 from here.
  2. Load the program by double clicking the desktop icon.
  3. The main program window will appear, similar to this :
  4. Select Capture and Start (or press Ctrl-K):
  5. If you get the following error, you must first install the WinPCap driver (see earlier) :
  6. After selecting 'Capture' this screen will appear :

    Ensure that all of the buttons in the Name Resolution section are NOT selected (i.e. they should not be depressed).
  7. In the filename box, enter a suitable filename for the capture file. It is this file which you will examine later, or send to your support contact, so give it a name that is fairly unique, not something too generic like "log.txt":
  8. Ensure that there is no other Ethernet/Internet activity running on your PC, such as a download; such activity will add unnecessary data to the log we're about to make.
  9. Click the OK button and capture will commence; the following window will appear on your screen to show that capture is in progress :
  10. Leaving Wireshark running, you should now immediately carry out the function/process that you are trying to diagnose. For example, if it is a VPN client connection, try the connection.
  11. Once the process under examination/test has completed, go back to Wireshark and in the status window, click :
  12. Depending on how much data it captures, Wireshark will take a few seconds to collate the information. Once ready, your Wireshark window will be filled with data, something like this :
  13. You can now close Wireshark and examine the data it captured, which will have been saved to the filename you selected earlier. If you have been asked to send that capture to someone, it's the same file you should send.
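
One way to check the saved capture for unrelated traffic (step 8) before examining or sending it (step 13) is to count packets per source/destination pair. This is an added example, not DrayTek or Wireshark code; it assumes the file was saved in classic libpcap format with an Ethernet link type, and the addresses and packets produced by build_sample are constructed sample data.

```python
import struct
import sys
from collections import Counter

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # little/big-endian pcap

def summarize_pcap(data):
    """Count packets per (source, destination) IPv4 pair in a classic pcap file."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("unrecognised header; this example reads classic libpcap only")
    endian = MAGICS[data[:4]]
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:  # 1 = Ethernet, the only link type handled here
        raise ValueError("unsupported link type %d" % linktype)
    pairs, offset = Counter(), 24
    while offset + 16 <= len(data):
        # Per-packet record header: ts_sec, ts_usec, captured length, original length
        _, _, caplen, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + caplen]
        if len(frame) < caplen:
            break  # last record was cut short; stop cleanly
        offset += 16 + caplen
        # 14-byte Ethernet header; EtherType 0x0800 = IPv4; addresses at IP bytes 12-19
        if caplen >= 34 and frame[12:14] == b"\x08\x00":
            src = ".".join(map(str, frame[26:30]))
            dst = ".".join(map(str, frame[30:34]))
            pairs[(src, dst)] += 1
        else:
            pairs[("non-IPv4", "non-IPv4")] += 1
    return pairs

def build_sample():
    """Constructed capture: 3 packets to a test host, 2 replies, 1 unrelated, 1 ARP."""
    def record(ethertype, src=(0, 0, 0, 0), dst=(0, 0, 0, 0)):
        ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0]) + bytes(src) + bytes(dst)
        frame = b"\x00" * 12 + ethertype + ip
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    pc, vpn, other = (192, 168, 1, 10), (203, 0, 113, 5), (198, 51, 100, 7)
    body = record(b"\x08\x00", pc, vpn) * 3 + record(b"\x08\x00", vpn, pc) * 2
    body += record(b"\x08\x00", pc, other) + record(b"\x08\x06")
    return struct.pack("<4sHHiIII", b"\xd4\xc3\xb2\xa1", 2, 4, 0, 0, 65535, 1) + body

if __name__ == "__main__":
    # Pass a capture filename as the first argument, or run with none to use the sample
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for (src, dst), count in summarize_pcap(raw).most_common():
        print("%6d  %s -> %s" % (count, src, dst))
```

Address pairs that do not belong to the process under test indicate that other activity was running during the capture.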