The Wireshark main window appears when Wireshark starts capturing a packet, or when a .pcap file is open for offline viewing. It looks similar to the following screenshot:
The Wireshark UI interface consists of different panes and provides various options to the user for customizing it. In this chapter, we will cover these panes in detail:
|
Item |
What is it? |
|---|---|
|
The red box |
This shows that Wireshark is running and capturing a packet |
|
1 |
This is the Filter toolbar, used for filtering packets based on the applied filter |
|
2 |
This is the Packet List pane, which displays all captured packets |
|
3 |
This is the Packet Details pane, which shows the selected packet in a verbose form |
|
4 |
This is the Packet Byte pane, which shows the selected packet in a hex dump format |
First, just observe pane 2 in the screen; the displayed packets appear with different colors. This is one of Wireshark's best features; it colors packets according to the set filter and helps you visualize the packet...