Wireshark – Monitoring the TCP protocol on an interface

This post shows the steps to monitor the TCP protocol on an interface. Since Ethernet is broadcast in nature, you will find many unknown packets whose source and destination do not belong to your IP.

1. Start the Wireshark program and click Interface List. A window pops up; click Options for the interface that is going to be monitored.

Monitoring an interface


2. Enter host 192.168.24.23 in Capture Filter so that only packets associated with this IP are captured. Then click the Start button.

Set the Capture Filter


3. You can now find all the packets associated with 192.168.24.23. The one in blue is the HTTP header received from 192.168.24.24. The content length in the header is 3373.

View the data in the TCP packet


4. If you want to filter out other protocols (like ARP in the above picture) so that only TCP packets are shown, enter tcp in Filter and click Apply.

5. To view the whole HTTP request, right-click any of the TCP packets and choose Follow TCP Stream.

Follow the TCP stream
View the HTTP request


6. Now, the whole HTTP request is shown. You can filter the response by selecting the direction in the drop down box at the bottom.

View the HTTP request


7. Please note that the length 3719 is the whole length, including the HTTP header. To obtain the content length, save the HTTP request as RAW and then remove the text in the red box, including the blank line. The file size should then be 3373.
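
The manual check in step 7 can also be scripted. The following is an added example, not part of the original post: it splits a RAW-saved stream at the blank line and compares the declared Content-Length with the bytes actually captured. The function names are hypothetical, the sample message is constructed to match the sizes above (3719 total, 3373 content), and it assumes the file holds a single HTTP message that uses Content-Length rather than chunked encoding.

```python
def split_http_message(raw: bytes):
    """Return (header, body); the header includes the terminating blank line."""
    sep = b"\r\n\r\n"
    idx = raw.find(sep)
    if idx == -1:
        raise ValueError("no blank line found: header is incomplete")
    end = idx + len(sep)
    return raw[:end], raw[end:]


def declared_content_length(header: bytes):
    """Return the Content-Length value, or None if the header lacks one."""
    for line in header.split(b"\r\n")[1:]:  # skip the start line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip())
    return None


def check_stream(raw: bytes):
    """Compare the declared Content-Length with the captured body size."""
    header, body = split_http_message(raw)
    declared = declared_content_length(header)
    return {
        "total": len(raw),
        "header": len(header),
        "body": len(body),
        "declared": declared,
        "complete": declared is not None and declared == len(body),
    }


def build_sample(body_len=3373, total_len=3719):
    """Constructed sample sized like the capture in this post."""
    base = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: %d\r\nX-Pad: " % body_len)
    pad = total_len - body_len - len(base) - 4  # 4 = CRLF + blank line
    return base + b"a" * pad + b"\r\n\r\n" + b"x" * body_len


if __name__ == "__main__":
    print(check_stream(build_sample()))
    # A capture that missed segments shows up as complete == False.
    print(check_stream(build_sample()[:-100]))
```

To run it on a real capture, read the file saved from Follow TCP Stream in binary mode and pass the bytes to check_stream.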


Done =)
