There is a great feature in Wireshark for resolving DNS names that is not typically turned on by default. Of course, a lot of what can be done with regard to display filtering simply comes down to right-clicking on what you’re interested in looking at, but if you know what you want to filter on, you can just type it in. Specific Ethernet OUI Address: eth.addr =. Wireshark also offers a great online forum where you can submit questions and get more in-depth answers. Wireshark offers a comprehensive list of Display Filters on their site, but I’m going to list the ones that I use most often when I’m troubleshooting problems.
I have run Wireshark on all three OSes, and the experience is always the same: it just works. Wireshark comes in all the flavors: Windows, Mac, and Linux. Unfortunately, the Display Filters are not that straightforward and are sometimes hard to understand. Wireshark offers a great way to filter out the data you don’t want to see using Display Filters. As with most products that capture data on the network, you end up sifting through mountains of data that you really don’t need or want to see. The Wireshark development group survives thanks to the contributions of networking experts across the world.
It really has become the standard, so to speak, in the world of packet capture, well, at least the free world.
It lets you see what’s happening on your network at a microscopic level. Wireshark is the world’s most popular network protocol analyzer.