Tutorials creation:
Blaise Carrera
WIRESHARK - The Easy Tutorial - Platform

Wireshark Platform
Last Change : Dec 10 2010






Having launched Wireshark successfully, we are ready to examine the Wireshark platform in order to use this fantastic tool.

Below is a screenshot taken while the 192.168.1.2 machine browses the "openmaniak.com" web site.

wireshark frontend


1. MENUS
2. SHORTCUTS
3. DISPLAY FILTER
4. PACKET LIST PANE
5. PACKET DETAILS PANE
6. DISSECTOR PANE
7. MISCELLANEOUS
 
 



1. MENUS

wireshark menus
The eight menus at the top of the platform are used to configure Wireshark:

- "File": Opens or saves a capture.
- "Edit": Finds or marks packets. Configures the global preferences.
- "View": Configures the Wireshark platform view.
- "Go": Reaches data inside the capture.
- "Capture": Sets capture filter options and starts the capture.
- "Analyze": Sets Analyze options.
- "Statistics": Views Wireshark statistics.
- "Help": Finds local or online support.



2. SHORTCUTS

wireshark shortcuts
Useful shortcuts are available just below the menus.
Move the mouse pointer over an icon to display information about it.





3. DISPLAY FILTER

wireshark display filter
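The display filter is used to search within the captured data.
Do not confuse capture filters with display filters: a capture filter decides which packets are recorded, while a display filter only selects which of the already captured packets are shown. For full details, check the Wireshark filters tutorial.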




4. PACKET LIST PANE

wireshark packet filter pane
The packet list pane displays all the captured packets. It shows information such as the source and destination MAC/IP addresses, the TCP/UDP port numbers, the protocol and the packet content.

If an OSI layer 2 packet is captured, you will see MAC addresses in the source and destination columns and, of course, nothing in the port column.
If an OSI layer 3 or higher packet is captured, you will see IP addresses in the source and destination columns. The port column is populated only if the packet is at layer 4 or above.

You can add or remove columns, or change some colors in the pane, as follows:
Edit menu -> Preferences




5. PACKET DETAILS PANE

wireshark packet filter pane
The packet details pane gives in-depth information about the packet selected in the packet list pane.
The information is displayed per OSI layer and can be expanded and collapsed. In the screenshot below, the HTTP information is expanded.

wireshark packet details pane



6. DISSECTOR PANE

wireshark packet dissector pane
The dissector pane, called the "packet bytes pane" by Wireshark, displays the same information as the packet details pane, but in hexadecimal.
In the example above, we selected the TCP port number (80) in the packet details pane and its hexadecimal equivalent is automatically displayed in the dissector pane (0050).
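
The column behaviour described for the packet list pane and the port-to-hex mapping described for the dissector pane can be reproduced outside the GUI. The following Python is an added example, not part of the original tutorial or of Wireshark itself; the two frames, the MAC addresses and the 203.0.113.10 destination are constructed sample data, and `summarize` is a hypothetical helper name.

```python
import struct

# Constructed sample frames (not taken from the tutorial's capture).
ARP_FRAME = bytes.fromhex(
    "ffffffffffff" "001122334455" "0806"            # Ethernet: dst, src, type=ARP
    "0001" "0800" "06" "04" "0001"                  # ARP request header
    "001122334455" "c0a80102" "000000000000" "c0a80101")
TCP_FRAME = bytes.fromhex(
    "66778899aabb" "001122334455" "0800"            # Ethernet: dst, src, type=IPv4
    "4500" "0028" "0001" "4000" "40" "06" "0000"    # IPv4 header, protocol 6 = TCP
    "c0a80102" "cb00710a"                           # 192.168.1.2 -> 203.0.113.10
    "c000" "0050" "00000000" "00000000"             # TCP ports 49152 -> 80, seq, ack
    "5002" "ffff" "0000" "0000")                    # SYN flag, window, checksum, urgent

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def summarize(frame):
    """Build the packet-list columns for one Ethernet frame and locate the
    destination port bytes that the packet bytes pane would highlight."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    row = {"source": mac(frame[6:12]), "destination": mac(frame[0:6]),
           "protocol": f"0x{ethertype:04x}", "src_port": None, "dst_port": None,
           "dst_port_offset": None, "dst_port_hex": None}
    if ethertype == 0x0806:
        row["protocol"] = "ARP"       # no IP header: MAC addresses, no ports
        return row
    if ethertype != 0x0800 or len(frame) < 34:
        return row                    # not IPv4 (or truncated): stay at layer 2
    ihl = (frame[14] & 0x0F) * 4      # IPv4 header length in bytes
    proto = frame[23]
    row["source"], row["destination"] = ip(frame[26:30]), ip(frame[30:34])
    row["protocol"] = {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, f"IP proto {proto}")
    l4 = 14 + ihl                     # offset of the layer 4 header
    if proto in (6, 17) and len(frame) >= l4 + 4:
        row["src_port"], row["dst_port"] = struct.unpack("!HH", frame[l4:l4 + 4])
        row["dst_port_offset"] = l4 + 2
        row["dst_port_hex"] = frame[l4 + 2:l4 + 4].hex()
    return row

if __name__ == "__main__":
    for name, frame in (("ARP", ARP_FRAME), ("TCP", TCP_FRAME)):
        print(name, summarize(frame))
```

For the TCP frame, the destination port 80 sits at byte offset 36 of the frame and reads `0050`, which is the pair of bytes the dissector pane highlights when the port is selected in the packet details pane.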




7. MISCELLANEOUS

wireshark miscellaneous
At the bottom of the platform, you can find the following information:

- The network card used for the capture.
- Whether the capture is running or stopped.
- Where the capture is stored on the hard drive.
- The capture size.
- The number of captured packets (P).
- The number of displayed packets (D), that is, the packets matching the display filter.
- The number of marked packets (M).






