Exploring the Wireshark interface - Troubleshoot network

Let's take a look at the Wireshark interface in a little more detail, starting with five commonly accessed menus.

  1. File
  2. Edit
  3. View
  4. Capture
  5. Statistics

Five commonly accessed menus of the Wireshark interface

File menu

From the File menu we can open a file or reopen a recent one. Here I go to File, then Open, and pick a TCP example, so now we have something to look at.

Edit menu

Moving on to Edit: it lets you do common tasks such as Find Packet, Find Next and adding a packet comment. At the end of the Edit menu is where we can modify the preferences. I select that; at the top you will see the profile, Default. You can make additional profiles, but for now you can stay on Default.

Briefly look at the user interface settings, which control how you want Wireshark to be displayed to you. The most commonly used view is the one where you see the three panes:

  • Packet list
  • Packet detail
  • Packet bytes

Protocols is where I can drop down and check the specific settings for a certain protocol. If I select any entry in the list and simply type TCP, we jump to TCP, where there are options I want to modify.
In TCP, take a look at the preferences: some of them I would like to have enabled and some I would not. For example, "Validate the TCP checksum if possible" is not checked. The checksum is used for error detection on our network, but in most cases it is offloaded and therefore shows up as incorrect, so I leave it unchecked so that it does not look like an error. "Relative sequence numbers" I would like to have checked, because the sequence number that is generated is generally a large number, and showing it relative to the packet capture makes more sense. For example, instead of a large number like 592379 for my first sequence number, the sequence number will simply be one.
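Why a capture taken on the sending host shows incorrect TCP checksums when offload is in use, as an added example that is not part of the original page: the code computes the real TCP checksum over a constructed segment and compares it with the field as it looks before the network adapter has filled it in. The addresses, ports, payload and the zero placeholder checksum are constructed sample values.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"            # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:             # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the TCP segment, with the
    segment's own checksum field (bytes 16-17) treated as zero."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return ~ones_complement_sum(pseudo + zeroed) & 0xFFFF

def checksum_status(src_ip: str, dst_ip: str, segment: bytes) -> str:
    """Classify the stored checksum field the way a validating analyzer would."""
    stored = struct.unpack("!H", segment[16:18])[0]
    return "good" if stored == tcp_checksum(src_ip, dst_ip, segment) else "incorrect"

def build_segment(checksum: int, payload: bytes) -> bytes:
    """Constructed 20-byte TCP header (sample ports and sequence number) + payload."""
    header = struct.pack("!HHIIBBHHH",
                         49152, 80,           # source / destination port
                         592379, 0,           # sequence / acknowledgment number
                         5 << 4, 0x18,        # data offset = 5 words, flags PSH+ACK
                         64240, checksum, 0)  # window, checksum, urgent pointer
    return header + payload

SRC, DST = "192.0.2.10", "198.51.100.20"   # documentation-range sample addresses
PAYLOAD = b"GET / HTTP/1.1\r\n\r\n"

# As captured on the sender with offload on: the field has not been filled in yet
# (modelled here as zero; a real stack may leave a partial value instead).
offloaded = build_segment(0x0000, PAYLOAD)
# As it appears on the wire after the adapter has computed the checksum.
on_wire = build_segment(tcp_checksum(SRC, DST, offloaded), PAYLOAD)

if __name__ == "__main__":
    print("captured on sender:", checksum_status(SRC, DST, offloaded))
    print("captured on wire:  ", checksum_status(SRC, DST, on_wire))
```

The same segment is reported as incorrect when seen before the adapter fills in the field and as good once it is on the wire, which is why validation on a sending host's own capture produces misleading errors.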

View menu

Now let's look at View, where we choose how we want items to appear on screen. We see packet list, packet detail and packet bytes. This is the default when we open Wireshark. Packet list and packet detail are important. Packet bytes is the panel at the bottom of the screen. In most cases it does not make sense to show it, so we generally uncheck it.
Go to View and then Time Display Format. There you see that the default is Seconds Since Beginning of Capture. However, if we want to see how fast packets are coming in, we would most likely use Seconds Since Previous Captured Packet or, if I have a display filter applied, Seconds Since Previous Displayed Packet.

Down at the bottom you see the precision, which sets how many decimal places are shown. In most cases it is better to leave it on Automatic (from capture file), but if I want to see in how many seconds an attack occurred, I can select Seconds.

Let's take a look at the frame header, where we have the source and destination MAC addresses. Click on View, go to Name Resolution and enable it for the MAC layer. After this you will see the first six digits of each MAC address converted into the manufacturer name. Name Resolution has other features that work the same way; for example, you can enable resolution for the network layer.

Capture menu

Let's take a look at the capture options. Once I have selected which interface I want to capture on, I click the green button that simply says Start.

Statistics menu

In Statistics we have many choices, but let's take a look at some important features. The first is Summary. It gives us the details of the individual captured packets, including file name, size, creation date and comments.


