Subsetting traffic, comment, save, and export

At times, the network administrator may want to share the packet capture with other members of the team. Wireshark can subset traffic to break apart large packet captures and focus on the problem areas.

For example, a large packet capture will most likely have several different types of traffic in addition to data, such as management traffic and 802.11 control frames. You can easily apply a filter using the and NOT option to exclude traffic that you don't want to see.

Within the subset, you can include comments. You can find comments either by selecting the comments icon in the lower left-hand corner, which looks like a pad and pencil, or by going to Statistics | Capture file properties and entering your comments in the space below marked comments. If you do add comments, you must save the file in the PCAPNG format, as not all file formats support comments.

Once you have created a smaller file and added any (optional) comments, you can export the specified packets and save them in a wide variety of formats. Formats include the default PCAPNG, along with PCAP, Sun Snoop, DMP, and many others.
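To show why comments survive only in PCAPNG, the following added example (not from the book) builds a minimal pcapng Section Header Block carrying a capture comment and reads it back, and returns `None` for a classic PCAP header, which has no options area to hold one. The function names and sample bytes are constructed for illustration.

```python
import struct

SHB_TYPE = 0x0A0D0D0A        # pcapng Section Header Block
BOM = 0x1A2B3C4D             # pcapng byte-order magic
OPT_END, OPT_COMMENT = 0, 1  # option codes defined for every pcapng block
PCAP_MAGICS = {0xA1B2C3D4, 0xD4C3B2A1, 0xA1B23C4D, 0x4D3CB2A1}

def build_shb(comment=None):
    """Build a little-endian SHB, optionally carrying a capture comment."""
    opts = b""
    if comment is not None:
        raw = comment.encode("utf-8")
        pad = -len(raw) % 4  # option values are padded to 32 bits
        opts = struct.pack("<HH", OPT_COMMENT, len(raw)) + raw + b"\0" * pad
        opts += struct.pack("<HH", OPT_END, 0)
    body = struct.pack("<IHHq", BOM, 1, 0, -1) + opts  # version 1.0, length unknown
    total = 12 + len(body)   # block type + both total-length fields + body
    return struct.pack("<II", SHB_TYPE, total) + body + struct.pack("<I", total)

def capture_comments(data):
    """Return file-level comments; None means the format cannot store any."""
    if len(data) < 24:
        raise ValueError("too short for a pcap or pcapng header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in PCAP_MAGICS:
        return None          # classic pcap: fixed 24-byte header, no options
    if magic != SHB_TYPE:
        raise ValueError("not a pcap or pcapng file")
    end = {struct.pack("<I", BOM): "<", struct.pack(">I", BOM): ">"}.get(data[8:12])
    if end is None:
        raise ValueError("bad byte-order magic")
    total = struct.unpack(end + "I", data[4:8])[0]
    if total < 28 or total % 4 or total > len(data):
        raise ValueError("bad block length")
    comments, pos, stop = [], 24, total - 4
    while pos + 4 <= stop:
        code, length = struct.unpack(end + "HH", data[pos:pos + 4])
        pos += 4
        if code == OPT_END:
            break
        if pos + length > stop:
            raise ValueError("option overruns block")
        if code == OPT_COMMENT:
            comments.append(data[pos:pos + length].decode("utf-8", "replace"))
        pos += length + (-length % 4)
    return comments

# Constructed sample: classic pcap global header, link type 105 (802.11)
PCAP_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
```

Running `capture_comments()` on the first bytes of an exported file is a quick way to confirm that a comment made it into the copy you are about to share.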

In addition to network administrators, students will gain valuable insight into what is actually happening on the network by using Wireshark to examine headers and field values of the protocols.
