Yes wireshark First make a general introduction to the operation interface , Later, we will share the key tools .

1. main window

Standard three panel interface , Package analysis is mainly operated in this interface

2. The toolbar

Upper clustering tool , Bottom shortcut

– file

Mainly for the operation of packet capturing files ：

• file open , preservation
• Export specific groups
  You can choose to export all packages , The package displayed in the main interface , The package selected in the main interface ,marked My bag , First to last marked Between packages , Set the package of the package sequence number segment , Do not save ignored packages when saving .
  
• Export specific formats （pcap,csv, Text txt,XML,json etc. ）
  export CSV Format can excel Open for further statistical analysis

– edit

The most commonly used in editing is preferences , Others are basically shortcuts , You can see it at a glance , No more introduction
Preferences

• Protocol configuration , It's very important ,wireshark It is actually a tool for analyzing protocols , Sometimes option configuration is required for protocol rendering analysis , This is a key point
• appearance , Fonts can be configured , Color , Layout and other information
  
• filter , Add filter , When filtering, just click the button

– View

Mainly the setting of display , The time format setting is used most , There are many other shortcuts

– Jump

Rarely use , They are usually shortcuts

– Capture

Mainly the control of packet capturing

• Capture options
  
  Configure the packet capturing interface , Grab filter , Packet capturing output segmentation file conditions , Automatically stop packet capturing conditions, etc .

– analysis

This is an important tool set , Mainly package analysis tools , Can greatly mention wireshark Analysis efficiency of , Key learning contents .

• As a filter , Take the field content in the package as the direct filter condition , Click to select the relationship with existing filter conditions （ Boolean operation relation ）, Then it will be filtered immediately .
• Prepare as filter condition , The function is basically the same as the above , It just won't be filtered immediately , Just prepare filter syntax , Click execute filter later to execute
• Decoding for , What protocol is used to parse the package configuration
• Tracking flow , Put the mouse on your bag , You can track and filter the corresponding flow
• Expert information , Analyze the information of the whole package , You can see if there is any abnormal information in it

– Statistics

Various statistics can be made on signaling , It belongs to the tool set to be learned , The tools inside are very practical , Share later .

– help

Here you can see wireshark Version and help documentation information , It can also be the most wireshark Version upgrade .

3. Common operation bar

wireshark The main analysis and filtering operations are carried out here , Mainly input and display filter formula , Field search uses the window .

4. status bar

Main display , Bao Wenming , Profile name , And how many groups there are in the open file , How many groups are currently displayed （ For example, after performing conditional filtering , Only the groups hit by the filter rule are displayed ）.