When capturing traffic with Wireshark, most of us are familiar with the main interface, as shown in the following screenshot, where we would go to the lower part of the screen to see what interfaces are active by viewing the sparklines. The following screenshot shows the main Wireshark interface:
Once here, you can select an active interface and begin capturing traffic. In addition, you can put in a capture filter and begin capturing traffic. However, there are a few other capture options that allow you to do advanced configuration before capturing:
- Go to the Capture drop-down menu and then into Options.
- Select the Capture Interfaces icon.
Whatever you choose will open the advanced options dialog box. Across the top, you will see three tabs, Input, Output, and Options, as shown in the following screenshot:
To that end, let's start with how to set up a capture by selecting an input interface.