Learning Python Network Programming

(Sean Pound) #1
Appendix

Packet sniffing usually works in two steps: first, we run a traffic capture session, and
then we analyze the captured traffic. During a capture, Wireshark asks the operating
system for a copy of all the network traffic it processes, which Wireshark then keeps
in a buffer for us to analyze. Wireshark provides us with tools that let us filter the
captured data so that we can work on only the data streams we want, and drill into
each packet in order to take a look at the header data and the payloads.


So first, we need to select the interfaces on which we want to capture the traffic.
We can see that there's a list of interfaces below the Start button. Wireshark captures
all the network traffic that passes over all the interfaces that we select; this usually
means that we end up capturing a lot of data that we're not actually interested in.
To reduce this noise, it's best to capture on as few interfaces as possible, ideally
just one.


We're going to use the first RFC downloader, from Chapter 1, Network Programming
and Python, RFC_downloader.py, to generate some network traffic to analyze. Since
this program communicates with a host on the Internet, we want to capture on the
network interface that provides our Internet connection.
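The capture-then-analyze workflow described at the start of this section, as an added example that is not code from the book: a small constructed pcap buffer stands in for the capture, and the analysis step parses the Ethernet, IPv4 and TCP headers and filters on one port. The addresses, ports, payloads and function names are assumptions made for illustration, as is the choice of HTTP on port 80 for the traffic of interest.

```python
import io, socket, struct

def build_frame(src, dst, sport, dport, payload=b"", proto=6):
    """Constructed Ethernet/IPv4 frame carrying TCP or UDP (checksums left at zero)."""
    if proto == 6:  # TCP: ports, seq, ack, data offset + PSH/ACK flags, window, csum, urgent
        l4 = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x18, 8192, 0, 0)
    else:           # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4 + payload

def build_pcap(frames):
    """Stand-in for step 1 (capture): wrap frames in the classic pcap file format."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def tcp_packets(stream):
    """Step 2 (analysis): yield (src, dst, sport, dport, payload) for each IPv4/TCP packet."""
    if stream.read(24)[:4] != b"\xd4\xc3\xb2\xa1":           # little-endian pcap magic
        raise ValueError("not a little-endian pcap file")
    while len(rec := stream.read(16)) == 16:
        frame = stream.read(struct.unpack("<IIII", rec)[2])  # incl_len bytes were captured
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                         # truncated or not IPv4
        tcp = 14 + (frame[14] & 0x0F) * 4                    # Ethernet + IP header length
        if frame[23] != 6 or len(frame) < tcp + 20:
            continue                                         # not TCP (e.g. the DNS query)
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        end = 14 + struct.unpack("!H", frame[16:18])[0]      # IP total length ends payload
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:end]
        yield socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport, payload

def filter_port(packets, port):
    """Keep one data stream, like Wireshark's display filter tcp.port == 80."""
    return [p for p in packets if port in (p[2], p[3])]

CLIENT, SERVER = "192.0.2.10", "198.51.100.7"  # constructed documentation addresses
CAPTURE = build_pcap([
    build_frame(CLIENT, SERVER, 49152, 80, b"GET /example.txt HTTP/1.1\r\n\r\n"),
    build_frame(CLIENT, "192.0.2.53", 5353, 53, b"", proto=17),
    build_frame(CLIENT, SERVER, 49153, 443, b"\x16\x03\x01"),
    build_frame(SERVER, CLIENT, 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n"),
])

if __name__ == "__main__":
    for src, dst, sport, dport, data in filter_port(tcp_packets(io.BytesIO(CAPTURE)), 80):
        print(f"{src}:{sport} -> {dst}:{dport}  {data[:40]!r}")
```

The same `tcp_packets` function reads a file saved from Wireshark in the classic pcap format (not pcapng) when given `open(path, "rb")` instead of the in-memory buffer.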
