Copyright Goodheart-Willcox Co., Inc.
Principles of Cybersecurity

Quick Look 8.1.4 Continued

4. Once you see data being captured, let it run for a few minutes. Then, click the Stop capturing packets button on the toolbar.

5. By default, information is listed sequentially, which is in the order it is seen. You can sort the view using the column headers. For example, to view all packets by a network source address, click the Source column heading.

6. Another very helpful feature is filtering out. For example, you may only want to see packets from a specific source address or protocol. To view packets by certain criteria, click in the display filter on the toolbar and enter the filter, as shown. For example, to see all DHCPv6 traffic, enter dhcpv6 in the display filter bar. Notice as you begin entering the filter, the text is red. Once you have entered enough for the filter to be recognized, the text turns green. To clear the filter, click the X on the right-hand side of the filter.

7. Clear any filters, and then enter a TCP filter. Find any packet with TCP in the Protocol column, and select it. Details for the packet are displayed in the middle and bottom areas of the Wireshark window. Notice the different lines displayed in the middle area. What is listed depends on what details are available for the selected packet. Click the triangle to the left of a line to show expanded information about that line. The details in the Frame line are just basic information such as the size of the packet. The Ethernet II line identifies data you would see placed in a frame, such as MAC addresses. The Internet Protocol Version 4 line shows addressing and TTL information. The Transmission Control Protocol line lists the detailed TCP information.

8. Expand the Transmission Control Protocol line, scroll down, and expand the Flags line. What flags are set in your example?

[Figure callouts: Stop capturing packets; Enter the filter]
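
As an added example (not from the textbook), this Python sketch decodes a constructed Ethernet II / IPv4 / TCP frame into the same layers the Wireshark details pane shows in steps 7 and 8, ending with the list of TCP flags that are set. The sample frame, its addresses and the function names are made up for illustration.

```python
import struct

# Constructed sample frame (not captured traffic): Ethernet II + IPv4 + TCP with SYN and ACK set.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"   # dst MAC, src MAC, EtherType 0x0800 (IPv4)
    "45000028" "1c464000" "4006" "0000"    # ver 4/IHL 5, total len 40, id, DF, TTL 64, proto 6, checksum (unchecked)
    "c0a8010a" "c0a80114"                  # src 192.168.1.10, dst 192.168.1.20
    "01bb" "c350" "00000064" "000000c9"    # sport 443, dport 50000, seq 100, ack 201
    "5012" "7210" "0000" "0000"            # data offset 5 + flags 0x012, window, checksum, urgent
)

# Bit 0 of the flags field is FIN, bit 1 is SYN, and so on.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def dissect(frame):
    """Return the layers shown in the details pane for a TCP/IPv4 packet (checksums are not verified)."""
    if len(frame) < 14 + 20:
        raise ValueError("truncated Ethernet/IPv4 header")
    dst, src = frame[0:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl + 20:
        raise ValueError("bad or truncated IPv4/TCP header")
    ip_hdr = frame[14:14 + ihl]
    if ip_hdr[9] != 6:
        raise ValueError("not TCP")
    tcp = frame[14 + ihl:]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    return {
        "frame": {"length": len(frame)},
        "ethernet": {"dst": mac(dst), "src": mac(src)},
        "ipv4": {"src": ip(ip_hdr[12:16]), "dst": ip(ip_hdr[16:20]), "ttl": ip_hdr[8]},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags},
    }

if __name__ == "__main__":
    for layer, fields in dissect(SAMPLE_FRAME).items():
        print(layer, fields)
```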