【Wireshark】Chapter 3. User Interface
Chapter 3. User Interface
- 3.1. Introduction
- 3.2. Start Wireshark
- 3.3. The Main window
- 3.3.1. Main Window Navigation
- 3.4. The Menu
- 3.5. The “File” Menu
- 3.6. The “Edit” Menu
3.1. Introduction
By now you have installed Wireshark and are likely keen to get started capturing your first packets. In the next chapters we will explore:
- How the Wireshark user interface works
- How to capture packets in Wireshark
- How to view packets in Wireshark
- How to filter packets in Wireshark
- … and many other things!
3.2. Start Wireshark
You can start Wireshark from your shell or window manager.
Power user tip
When starting Wireshark it’s possible to specify optional settings using the command line. See Section 11.2, “Start Wireshark from the command line” for details.
The following chapters contain many screenshots of Wireshark. As Wireshark runs on many different platforms with many different window managers, different styles applied and there are different versions of the underlying GUI toolkit used, your screen might look different from the provided screenshots. But as there are no real differences in functionality these screenshots should still be well understandable.
3.3. The Main window
Let’s look at Wireshark’s user interface. Figure 3.1, “The Main window” shows Wireshark as you would usually see it after some packets are captured or loaded (how to do this will be described later).
Figure 3.1. The Main window
Wireshark’s main window consists of parts that are commonly known from many other GUI programs.
- The menu (see Section 3.4, “The Menu”) is used to start actions.
- The main toolbar (see Section 3.16, “The “Main” Toolbar”) provides quick access to frequently used items from the menu.
- The filter toolbar (see Section 3.17, “The “Filter” Toolbar”) allows users to set display filters to filter which packets are displayed (see Section 6.3, “Filtering Packets While Viewing”).
- The packet list pane (see Section 3.18, “The “Packet List” Pane”) displays a summary of each packet captured. By clicking on packets in this pane you control what is displayed in the other two panes.
- The packet details pane (see Section 3.19, “The “Packet Details” Pane”) displays the packet selected in the packet list pane in more detail.
- The packet bytes pane (see Section 3.20, “The “Packet Bytes” Pane”) displays the data from the packet selected in the packet list pane, and highlights the field selected in the packet details pane.
- The packet diagram pane (see Section 3.21, “The “Packet Diagram” Pane”) displays the packet selected in the packet list as a textbook-style diagram.
- The statusbar (see Section 3.22, “The Statusbar”) shows some detailed information about the current program state and the captured data.
Tip
The layout of the main window can be customized by changing preference settings. See Section 11.5, “Preferences” for details.
3.3.1. Main Window Navigation
Packet list and detail navigation can be done entirely from the keyboard. Table 3.1, “Keyboard Navigation” shows a list of keystrokes that will let you quickly move around a capture file. See Table 3.6, “Go menu items” for additional navigation keystrokes.
Table 3.1. Keyboard Navigation
Help → About Wireshark → Keyboard Shortcuts will show a list of all shortcuts in the main window. Additionally, typing anywhere in the main window will start filling in a display filter.
3.4. The Menu
Wireshark’s main menu is located either at the top of the main window (Windows, Linux) or at the top of your main screen (macOS). An example is shown in Figure 3.2, “The Menu”.
Note
Some menu items will be disabled (greyed out) if the corresponding feature isn’t available. For example, you cannot save a capture file if you haven’t captured or loaded any packets.
Figure 3.2. The Menu
The main menu contains the following items:
File
This menu contains items to open and merge capture files, save, print, or export capture files in whole or in part, and to quit the Wireshark application. See Section 3.5, “The “File” Menu”.Edit
This menu contains items to find a packet, time reference or mark one or more packets, handle configuration profiles, and set your preferences; (cut, copy, and paste are not presently implemented). See Section 3.6, “The “Edit” Menu”.View
This menu controls the display of the captured data, including colorization of packets, zooming the font, showing a packet in a separate window, expanding and collapsing trees in packet details, …. See Section 3.7, “The “View” Menu”.Go
This menu contains items to go to a specific packet. See Section 3.8, “The “Go” Menu”.Capture
This menu allows you to start and stop captures and to edit capture filters. See Section 3.9, “The “Capture” Menu”.Analyze
This menu contains items to manipulate display filters, enable or disable the dissection of protocols, configure user specified decodes and follow a TCP stream. See Section 3.10, “The “Analyze” Menu”.Statistics
This menu contains items to display various statistic windows, including a summary of the packets that have been captured, display protocol hierarchy statistics and much more. See Section 3.11, “The “Statistics” Menu”.Telephony
This menu contains items to display various telephony related statistic windows, including a media analysis, flow diagrams, display protocol hierarchy statistics and much more. See Section 3.12, “The “Telephony” Menu”.Wireless
This menu contains items to display Bluetooth and IEEE 802.11 wireless statistics.Tools
This menu contains various tools available in Wireshark, such as creating Firewall ACL Rules. See Section 3.14, “The “Tools” Menu”.Help
This menu contains items to help the user, e.g., access to some basic help, manual pages of the various command line tools, online access to some of the webpages, and the usual about dialog. See Section 3.15, “The “Help” Menu”.
Each of these menu items is described in more detail in the sections that follow.
Shortcuts make life easier
Most common menu items have keyboard shortcuts. For example, you can press the Control and the K keys together to open the “Capture Options” dialog.
3.5. The “File” Menu
The Wireshark file menu contains the fields shown in Table 3.2, “File menu items”.
Table 3.2. File menu items
| Menu Item | Accelerator | Description |
|---|---|---|
| Open… | Ctrl+O | This shows the file open dialog box that allows you to load a capture file for viewing. It is discussed in more detail in Section 5.2.1, “The “Open Capture File” Dialog Box”. |
| Open Recent | This lets you open recently opened capture files. Clicking on one of the submenu items will open the corresponding capture file directly. | |
| Merge… | This menu item lets you merge a capture file into the currently loaded one. It is discussed in more detail in Section 5.4, “Merging Capture Files”. | |
| Import from Hex Dump… | This menu item brings up the import file dialog box that allows you to import a text file containing a hex dump into a new temporary capture. It is discussed in more detail in Section 5.5, “Import Hex Dump”. | |
| Close | Ctrl+W | This menu item closes the current capture. If you haven’t saved the capture, you will be asked to do so first (this can be disabled by a preference setting). |
| Save | Ctrl+S | This menu item saves the current capture. If you have not set a default capture file name (perhaps with the -w option), Wireshark pops up the Save Capture File As dialog box (which is discussed further in Section 5.3.1, “The “Save Capture File As” Dialog Box”). If you have already saved the current capture, this menu item will be greyed out.You cannot save a live capture while the capture is in progress. You must stop the capture in order to save. |
| Save As… | Shift+Ctrl+S | This menu item allows you to save the current capture file to whatever file you would like. It pops up the Save Capture File As dialog box (which is discussed further in Section 5.3.1, “The “Save Capture File As” Dialog Box”). |
| File Set → List Files | This menu item allows you to show a list of files in a file set. It pops up the Wireshark List File Set dialog box (which is discussed further in Section 5.6, “File Sets”). | |
| File Set → Next File | If the currently loaded file is part of a file set, jump to the next file in the set. If it isn’t part of a file set or just the last file in that set, this item is greyed out. | |
| File Set → Previous File | If the currently loaded file is part of a file set, jump to the previous file in the set. If it isn’t part of a file set or just the first file in that set, this item is greyed out. | |
| Export Specified Packets… | This menu item allows you to export all (or some) of the packets in the capture file to file. It pops up the Wireshark Export dialog box (which is discussed further in Section 5.7, “Exporting Data”). | |
| Export Packet Dissections… | Ctrl+H | These menu items allow you to export the currently selected bytes in the packet bytes pane to a text file in a number of formats including plain, CSV, and XML. It is discussed further in Section 5.7.3, “The “Export Selected Packet Bytes” Dialog Box”. |
| Export Objects | These menu items allow you to export captured DICOM, HTTP, IMF, SMB, or TFTP objects into local files. It pops up a corresponding object list (which is discussed further in Section 5.7.7, “The “Export Objects” Dialog Box”) | |
| Print… | Ctrl+P | This menu item allows you to print all (or some) of the packets in the capture file. It pops up the Wireshark Print dialog box (which is discussed further in Section 5.8, “Printing Packets”). |
| Quit | Ctrl+Q | This menu item allows you to quit from Wireshark. Wireshark will ask to save your capture file if you haven’t previously saved it (this can be disabled by a preference setting). |
3.6. The “Edit” Menu
The Wireshark Edit menu contains the fields shown in Table 3.3, “Edit menu items”.
Figure 3.4. The “Edit” Menu
【Wireshark】Chapter 3. User Interface相关推荐
- 【转】Principles of User Interface Design
[原文]:[url=http://bokardo.com/principles-of-user-interface-design/]http://bokardo.com/principles-of-u ...
- 猿如意中的【Wireshark】网络包分析工具详情介绍
一.工具名称 Wireshark-win64-3.6.5 二.下载安装渠道 Wireshark-win64-3.6.5 通过CSDN官方开发的[猿如意]客户端进行下载安装. 对,你没有看错,就是来自C ...
- 【Objective-C】java中的interface与Objective-C中的interface的区别
java中的interface interface叫做接口,是一种特殊的抽象类 一个接口中,所有方法为公开.抽象方法:所有的属性都是公开.静态.常量. 一个类只能继承一个类,但是能实现多个接口,这样可 ...
- 【wireshark】如何获取一个设备的IP地址
问题 开发中往往会出现无法知道设备正确的IP地址,从而无法连接到设备. 解决方式: 使用软件工具wireshark来获取设备IP地址. 可以实现不同网段捕获设备IP 具体流程: 1. 下载wiresh ...
- 【索引】Chapter 1. Algorithm Design
AOAPC I: Beginning Algorithm Contests -- Training Guide (Rujia Liu) Chapter 1. Algorithm Design Gene ...
- 【Wireshark】快速上手Wireshark
一.Wireshark介绍 1.什么是Wireshark Wireshark(前称Ethereal)是一个网络封包分析软件.网络封包分析软件的功能是截取网络封包,并尽可能显示出最为详细的网络封包资料. ...
- 【Wireshark 】实战!我用 Wireshark 让你“看见“ TCP (学习到TCP 流量控制)
原文:https://www.cnblogs.com/xiaolincoding/p/12922927.html 前言 "哈?啥是大白鲨?" 咳咳,主要是因为网络分析工具 Wire ...
- 网络抓包工具——【wireshark】使用入门教程
一.软件介绍 二.抓包示例 三.界面讲解 1. Display Filter(显示过滤器) 2.Packet List Pane(数据包列表) 3.Packet Details Pane(数据包详细信 ...
- 【USACO】【数论】【DP】 Chapter 4 Section 1,1麦香牛块题解
题目 题目描述 农夫布朗的奶牛们正在进行斗争,因为它们听说麦当劳正在考虑引进一种新产品:麦香牛块.奶牛们正在想尽一切办法让这种可怕的设想泡汤.奶牛们进行斗争的策略之一是"劣质的包装" ...
最新文章
- NodeJs初学者经典入门解析
- 本地安装discuz x2.5(论坛站)程序
- 【Flask】数据的CRUD之更新和删除操作
- php ajax 点击后刷新当前页面,ajax请求值后返回会刷新页面?
- vue 计算屏幕的高度_学习Vue可以参考的10个开源项目——OpenSource
- Linux Redhat5.7系统配置网易的yum源
- 机器学习——支持向量机SVM之非线性模型(原问题和对偶问题)
- rabbitmq中文教程python版 - Topics
- Javascript基于对象基础
- android 模拟crash_Android 收集Crash信息及用户操作步骤
- 大数据之-Hadoop3.x_MapReduce_Combiner案例---大数据之hadoop3.x工作笔记0119
- 解决在使用CSS3制作不间断轮播图中 收尾连接后Interval 延时问题
- 车型车系品牌api离线版 CarApi
- 爽爆!阿里腾讯都在传的MySQL精华手册,GitHub标星89K
- AD16 pdf打印输出彩色
- 使用html制作一个网页
- python几个循环_python 几个循环的效率测试
- 架构设计的深入思考与总结——概述
- 程序员怎样才能写出一篇好的博客或者技术文章
- 程序员情人节脱单指南