3.3. The Main window

Let's look at Wireshark's user interface. Figure 3.1, “The Main window” shows Wireshark as you would usually see it after some packets are captured or loaded (how to do this will be described later).

Figure 3.1. The Main window

The Main window

Wireshark's main window consists of parts that are commonly known from many other GUI programs.

  1. The menu (see Section 3.4, “The Menu”) is used to start actions.

  2. The main toolbar (see Section 3.14, “The "Main" toolbar”) provides quick access to frequently used items from the menu.

  3. The filter toolbar (see Section 3.15, “The "Filter" toolbar”) provides a way to directly manipulate the currently used display filter (see Section 6.3, “Filtering packets while viewing”).

  4. The packet list pane (see Section 3.16, “The "Packet List" pane”) displays a summary of each packet captured. By clicking on packets in this pane you control what is displayed in the other two panes.

  5. The packet details pane (see Section 3.17, “The "Packet Details" pane”) displays the packet selected in the packet list pane in more detail.

  6. The packet bytes pane (see Section 3.18, “The "Packet Bytes" pane”) displays the data from the packet selected in the packet list pane, and highlights the field selected in the packet details pane.

  7. The statusbar (see Section 3.19, “The Statusbar”) shows some detailed information about the current program state and the captured data.

[Tip]Tip!

The layout of the main window can be customized by changing preference settings. See Section 9.5, “Preferences” for details!

3.3.1. Main Window Navigation

Packet list and detail navigation can be done entirely from the keyboard. Table 3.1, “Keyboard Navigation” shows a list of keystrokes that will let you quickly move around a capture file. See Table 3.5, “Go menu items” for additional navigation keystrokes.

Table 3.1. Keyboard Navigation

AcceleratorDescription
Tab, Shift+Tab

Move between screen elements, e.g. from the toolbars to the packet list to the packet detail.

Down

Move to the next packet or detail item.

Up

Move to the previous packet or detail item.

Ctrl+Down, F8

Move to the next packet, even if the packet list isn't focused.

Ctrl+Up, F7

Move to the previous packet, even if the packet list isn't focused.

Left

In the packet detail, closes the selected tree item. If it's already closed, jumps to the parent node.

Right

In the packet detail, opens the selected tree item.

Shift+Right

In the packet detail, opens the selected tree item and all of its subtrees.

Ctrl+Right

In the packet detail, opens all tree items.

Ctrl+Left

In the packet detail, closes all tree items.

Backspace

In the packet detail, jumps to the parent node.

Return, Enter

In the packet detail, toggles the selected tree item.

Additionally, typing anywhere in the main window will start filling in a display filter.