The Wireshark Welcome page is displayed.
So which card do I want to capture?
-
Local services such as localhost or 127.0.0.1 For example, if I want to request the service, http://localhost:12345/xxx lo0 corresponding adapter is choice. The same is true for 127.0.0.1.
-
For example, if I want to access www.baidu.com/ from a browser, the corresponding network card is usually EN0.
-
If still not sure which one to catch? You can use tcpdump to capture a network adapter without setting it, filter out the requests using keywords, and then reverse search for the corresponding interface.
sudo tcpdump -n -s1000 -A dst port 80 -i any |grep 'baidu.com' -C 10 Copy the codeTcpdump -a indicates that packet data is printed in ASCII format. Because HTTP is A text-based protocol, Host: www.baidu.com in the header can be printed. If the request is from IP 192.168.255.10, use grep -c 10 to print the next 10 lines, and then find the network adapter corresponding to this IP.
Use ifconfig to check whether the request is from utun2 network adapter:
The ifconfig | grep '192.168.255.10' - 3 CCopy the codeIn the
wiresharkSet up theCapture FilterThat’s it. Select on the pageutun2After the network card, double – click to capture the package.
