Capturing traffic

One of the first things I'm sure you want to do in Wireshark is to begin capturing some traffic so that you can get used to the utility and possibly diagnose some issues on your own network. In this section, we'll talk about exactly that: where to capture that traffic and how to capture it.

Wireshark needs to receive packets in one way or another before you can begin analyzing the data and performing your network diagnostics. There are several ways of doing so. One way is to capture on a local device that has Wireshark installed, through the GUI. You also have the option of doing so from the command line. You can capture remotely: a Wireshark install on a management computer, for example, can retrieve the packets being sent and received by a device somewhere else on your network, using a special driver install. You can also capture the traffic inline on the wire, which means you place a device called a test action port (TAP) somewhere along the data path that you need to diagnose, and it then sends that data back to your diagnostic utilities, one of which could be Wireshark. And lastly, we'll go over how to store packets locally on an internetwork device (specifically, a Cisco router or switch) for export into Wireshark as a pcap file.
