Lets look at Wireshark's user interface. Figureá3.1, “The Main window” shows Wireshark as you would usually see it after some packets captured or loaded (how to do this will be described later).
Wireshark's main window consist of parts that are commonly known from many other GUI programs.
The menu (see Sectioná3.4, “The Menu”) is used to start actions.
The main toolbar (see Sectioná3.13, “The "Main" toolbar”) provides quick access to frequently used items from the menu.
The filter toolbar (see Sectioná3.14, “The "Filter" toolbar”) provides a way to directly manipulate the currently used display filter (see Sectioná6.3, “Filtering packets while viewing”).
The packet list pane (see Sectioná3.15, “The "Packet List" pane”) displays a summary of each packet captured. By clicking on packets in this pane you control what is displayed in the other two panes.
The packet details pane (see Sectioná3.16, “The "Packet Details" pane”) displays the packet selected in the packet list pane in more detail.
The packet bytes pane (see Sectioná3.17, “The "Packet Bytes" pane”) displays the data from the packet selected in the packet list pane, and highlights the field selected in the packet details pane.
The statusbar (see Sectioná3.18, “The Statusbar”) shows some detailed information about the current program state and the captured data.
![[Tip]](/file/23802/PCWorld_2007-09_cd.bin/v cisle/wireshark/wireshark-setup-0.99.6a.exe/user-guide.chm/wsug_chm/wsug_graphics/tip.png) | Tip! |
|---|---|
The layout of the main window can be customized by changing preference settings. See Sectioná9.5, “Preferences” for details! |
Packet list and detail navigation can be done entirely from the keyboard. Tableá3.1, “Keyboard Navigation” shows a list of keystrokes that will let you quickly move around a capture file. See Tableá3.5, “Go menu items” for additional navigation keystrokes.
Tableá3.1.áKeyboard Navigation
| Accelerator | Description |
|---|---|
| Tab, Shift+Tab | Move between screen elements, e.g. from the toolbars to the packet list to the packet detail. |
| Down | Move to the next packet or detail item. |
| Up | Move to the previous packet or detail item. |
| Ctrl+Down, F8 | Move to the next packet, even if the packet list isn't focused. |
| Ctrl+Up, F7 | Move to the previous packet, even if the packet list isn't focused. |
| Left | In the packet detail, closes the selected tree item. If it's already closed, jumps to the parent node. |
| Right | In the packet detail, opens the selected tree item. |
| Shift+Right | In the packet detail, opens the selected tree item and all of its subtrees. |
| Ctrl+Right | In the packet detail, opens all tree items. |
| Ctrl+Left | In the packet detail, closes all tree items. |
| Backspace | In the packet detail, jumps to the parent node. |
| Return, Enter | In the packet detail, toggles the selected tree item. |
Additionally, typing anywhere in the main window will start filling in a display filter.