[metze/wireshark/wip.git] / docbook / wsug_src / WSUG_chapter_use.asciidoc

++++++++++++++++++++++++++++++++++++++
<!-- WSUG User Interface Chapter -->
++++++++++++++++++++++++++++++++++++++

[[ChapterUsing]]

== User Interface

[[ChUseIntroductionSection]]

=== Introduction

By now you have installed Wireshark and are most likely keen to get started
capturing your first packets. In the next chapters we will explore:

* How the Wireshark user interface works
* How to capture packets in Wireshark
* How to view packets in Wireshark
* How to filter packets in Wireshark
* ... and many other things!

[[ChUseStartSection]]

=== Start Wireshark

You can start Wireshark from your shell or window manager.

[TIP]
.Power user tip
====
When starting Wireshark it's possible to specify optional settings using the
command line. See <<ChCustCommandLine>> for details.
====

In the following chapters a lot of screenshots from Wireshark will be shown. As
Wireshark runs on many different platforms with many different window managers,
different styles applied and there are different versions of the underlying GUI
toolkit used, your screen might look different from the provided screenshots.
But as there are no real differences in functionality these screenshots should
still be well understandable.

[[ChUseMainWindowSection]]

=== The Main window

Let's look at Wireshark's user interface. <<ChUseFig01>> shows Wireshark as you
would usually see it after some packets are captured or loaded (how to do this
will be described later).

[[ChUseFig01]]
.The Main window
image::wsug_graphics/ws-main.png[{screenshot-attrs}]

Wireshark's main window consists of parts that are commonly known from many
other GUI programs.

. The _menu_ (see <<ChUseMenuSection>>) is used to start actions.
. The _main toolbar_ (see <<ChUseMainToolbarSection>>) provides quick access to
  frequently used items from the menu.
. The _filter toolbar_ (see <<ChUseFilterToolbarSection>>) provides a way to
  directly manipulate the currently used display filter (see
  <<ChWorkDisplayFilterSection>>).
. The _packet list pane_ (see <<ChUsePacketListPaneSection>>) displays a summary
  of each packet captured. By clicking on packets in this pane you control what is
  displayed in the other two panes.
. The _packet details pane_ (see <<ChUsePacketDetailsPaneSection>>) displays the
  packet selected in the packet list pane in more detail.
. The _packet bytes pane_ (see <<ChUsePacketBytesPaneSection>>) displays the
  data from the packet selected in the packet list pane, and highlights the field
  selected in the packet details pane.
. The _statusbar_ (see <<ChUseStatusbarSection>>) shows some detailed
  information about the current program state and the captured data.

[TIP]
====
The layout of the main window can be customized by changing preference settings.
See <<ChCustPreferencesSection>> for details!
====

[[ChUseMainWindowNavSection]]

==== Main Window Navigation

Packet list and detail navigation can be done entirely from the keyboard.
<<ChUseTabNav>> shows a list of keystrokes that will let you quickly move around
a capture file. See <<ChUseTabGo>> for additional navigation keystrokes.

[[ChUseTabNav]]
.Keyboard Navigation
[options="header",cols="1,3"]
|===============
|Accelerator               |Description
|kbd:[Tab], kbd:[Shift+Tab]|Move between screen elements, e.g. from the toolbars to the packet list to the packet detail.
|kbd:[Down]                |Move to the next packet or detail item.
|kbd:[Up]                  |Move to the previous packet or detail item.
|kbd:[Ctrl+Down], kbd:[F8] |Move to the next packet, even if the packet list isn't focused.
|kbd:[Ctrl+Up], kbd:[F7]   |Move to the previous packet, even if the packet list isn't focused.
|kbd:[Ctrl+.]              |Move to the next packet of the conversation (TCP, UDP or IP).
|kbd:[Ctrl+&#x2c;]         |Move to the previous packet of the conversation (TCP, UDP or IP).
|kbd:[Alt+Right] or kbd:[Option+Right] (macOS) |Move to the next packet in the selection history.
|kbd:[Alt+Left] or kbd:[Option+Right] (macOS)  |Move to the previous packet in the selection history.
|kbd:[Left]                |In the packet detail, closes the selected tree item. If it's already closed, jumps to the parent node.
|kbd:[Right]               |In the packet detail, opens the selected tree item.
|kbd:[Shift+Right]         |In the packet detail, opens the selected tree item and all of its subtrees.
|kbd:[Ctrl+Right]          |In the packet detail, opens all tree items.
|kbd:[Ctrl+Left]           |In the packet detail, closes all tree items.
|kbd:[Backspace]           |In the packet detail, jumps to the parent node.
|kbd:[Return], kbd:[Enter] |In the packet detail, toggles the selected tree item.
|===============

menu:Help[About Wireshark,Keyboard Shortcuts] will show a list of all shortcuts
in the main window. Additionally, typing anywhere in the main window will start
filling in a display filter.

[[ChUseMenuSection]]

=== The Menu

Wireshark's main menu is located either at the top of the main window (Windows,
Linux) or at the top of your main screen (macOS). An example is shown in
<<ChUseWiresharkMenu>>.

[NOTE]
====
Some menu items will be disabled (greyed out) if the corresponding feature isn't
available. For example, you cannot save a capture file if you haven't captured
or loaded any packets.
====

[[ChUseWiresharkMenu]]
.The Menu
image::wsug_graphics/ws-menu.png[{screenshot-attrs}]

The main menu contains the following items:

menu:File[]::
This menu contains items to open and merge capture files, save, print, or export
capture files in whole or in part, and to quit the Wireshark application. See
<<ChUseFileMenuSection>>.

menu:Edit[]::
This menu contains items to find a packet, time reference or mark one or more
packets, handle configuration profiles, and set your preferences; (cut, copy,
and paste are not presently implemented). See <<ChUseEditMenuSection>>.

menu:View[]::
This menu controls the display of the captured data, including colorization of
packets, zooming the font, showing a packet in a separate window, expanding and
collapsing trees in packet details, .... See <<ChUseViewMenuSection>>.

menu:Go[]::
This menu contains items to go to a specific packet. See <<ChUseGoMenuSection>>.

menu:Capture[]::
This menu allows you to start and stop captures and to edit capture filters. See
<<ChUseCaptureMenuSection>>.

menu:Analyze[]::
This menu contains items to manipulate display filters, enable or disable the
dissection of protocols, configure user specified decodes and follow a TCP
stream. See <<ChUseAnalyzeMenuSection>>.

menu:Statistics[]::
This menu contains items to display various statistic windows, including a
summary of the packets that have been captured, display protocol hierarchy
statistics and much more. See <<ChUseStatisticsMenuSection>>.

menu:Telephony[]::
This menu contains items to display various telephony related statistic windows,
including a media analysis, flow diagrams, display protocol hierarchy statistics
and much more. See <<ChUseTelephonyMenuSection>>.

menu:Wireless[]::
The items in this menu show Bluetooth and IEEE 802.11 wireless statistics.

menu:Tools[]::
This menu contains various tools available in Wireshark, such as creating
Firewall ACL Rules. See <<ChUseToolsMenuSection>>.

menu:Help[]::
This menu contains items to help the user, e.g. access to some basic help,
manual pages of the various command line tools, online access to some of the
webpages, and the usual about dialog. See <<ChUseHelpMenuSection>>.

Each of these menu items is described in more detail in the sections that follow.

[TIP]
.Shortcuts make life easier
====
Most common menu items have keyboard shortcuts. For example, you can
press the Control (or Strg in German) and the K keys together to open the
``Capture Options'' dialog.
====

[[ChUseFileMenuSection]]

=== The ``File'' menu

The Wireshark file menu contains the fields shown in <<ChUseTabFile>>.

[[ChUseWiresharkFileMenu]]
.The ``File'' Menu
image::wsug_graphics/ws-file-menu.png[{screenshot-attrs}]

[[ChUseTabFile]]
.File menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item                            |Accelerator |Description

|menu:Open...[]                       |kbd:[Ctrl+O]|
This shows the file open dialog box that allows you to load a
capture file for viewing. It is discussed in more detail in <<ChIOOpen>>.

|menu:Open Recent[]                   |            |
This lets you open recently opened capture files.
Clicking on one of the submenu items will open the corresponding capture file
directly.

|menu:Merge...[]                      |            |
This menu item lets you merge a capture file into the currently loaded one. It
is discussed in more detail in <<ChIOMergeSection>>.

|menu:Import from Hex Dump...[]       |            |
This menu item brings up the import file dialog box that allows you to import a
text file containing a hex dump into a new temporary capture. It is discussed in
more detail in <<ChIOImportSection>>.

|menu:Close[]                         |kbd:[Ctrl+W]|
This menu item closes the current capture. If you haven't saved the capture, you
will be asked to do so first (this can be disabled by a preference setting).

|menu:Save[]                          |kbd:[Ctrl+S]|
This menu item saves the current capture. If you have not set a default capture
file name (perhaps with the -w &lt;capfile&gt; option), Wireshark pops up the
Save Capture File As dialog box (which is discussed further in <<ChIOSaveAs>>).

If you have already saved the current capture, this menu item will be greyed
out.

You cannot save a live capture while the capture is in progress. You must
stop the capture in order to save.

|menu:Save As...[]                    |kbd:[Shift+Ctrl+S]|
This menu item allows you to save the current capture file to whatever file you
would like. It pops up the Save Capture File As dialog box (which is discussed
further in <<ChIOSaveAs>>).

|menu:File Set[List Files]            ||
This menu item allows you to show a list of files in a file set. It pops up the
Wireshark List File Set dialog box (which is discussed further in
<<ChIOFileSetSection>>).

|menu:File Set[Next File]             ||
If the currently loaded file is part of a file set, jump to the next file in the
set. If it isn't part of a file set or just the last file in that set, this item
is greyed out.

|menu:File Set[Previous File]         ||
If the currently loaded file is part of a file set, jump to the previous file in
the set. If it isn't part of a file set or just the first file in that set, this
item is greyed out.

|menu:Export Specified Packets...[]                 ||
This menu item allows you to export all (or some) of the packets in the capture
file to file. It pops up the Wireshark Export dialog box (which is discussed
further in <<ChIOExportSection>>).

|menu:Export Packet Dissections...[]|kbd:[Ctrl+H]|
These menu items allow you to export the currently selected bytes in the packet
bytes pane to a text file file in a number of formats including plain, CSV,
and XML. It is discussed further in <<ChIOExportSelectedDialog>>.

|menu:Export Objects[]           ||
These menu items allow you to export captured DICOM, HTTP, SMB, or TFTP objects
into local files. It pops up a corresponding object list (which is discussed
further in <<ChIOExportObjectsDialog>>)

|menu:Print...[]                      |kbd:[Ctrl+P]|
This menu item allows you to print all (or some) of the packets in the capture
file. It pops up the Wireshark Print dialog box (which is discussed further in
<<ChIOPrintSection>>).

|menu:Quit[]                          |kbd:[Ctrl+Q]|
This menu item allows you to quit from Wireshark. Wireshark will ask to save
your capture file if you haven't previously saved it (this can be disabled by a
preference setting).

|===============

[[ChUseEditMenuSection]]

=== The ``Edit'' menu

The Wireshark Edit menu contains the fields shown in <<ChUseTabEdit>>.

[[ChUseWiresharkEditMenu]]
.The ``Edit'' Menu
image::wsug_graphics/ws-edit-menu.png[{screenshot-attrs}]

[[ChUseTabEdit]]
.Edit menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item                                    |Accelerator       |Description
|menu:Copy[]                                  ||
These menu items will copy the packet list, packet detail, or properties of
the currently selected packet to the clipboard.

|menu:Find Packet...[]                        |kbd:[Ctrl+F]      |
This menu item brings up a toolbar that allows you to find a packet by many
criteria. There is further information on finding packets in
<<ChWorkFindPacketSection>>.

|menu:Find Next[]                             |kbd:[Ctrl+N]      |
This menu item tries to find the next packet matching the settings from ``Find
Packet...''.

|menu:Find Previous[]                         |kbd:[Ctrl+B]      |
This menu item tries to find the previous packet matching the settings from
``Find Packet...''.

|menu:Mark/Unmark Packet[]                    |kbd:[Ctrl+M]      |
This menu item marks the currently selected packet. See
<<ChWorkMarkPacketSection>> for details.

|menu:Mark All Displayed Packets[]            |kbd:[Shift+Ctrl+M]|
This menu item marks all displayed packets.

|menu:Unmark All Displayed Packets[]          |kbd:[Ctrl+Alt+M]  |
This menu item unmarks all displayed packets.

|menu:Next Mark[]                             |kbd:[Shift+Alt+N] |
Find the next marked packet.

|menu:Previous Mark[]                         |kbd:[Shift+Alt+B] |
Find the previous marked packet.

|menu:Ignore/Unignore Packet[]                |kbd:[Ctrl+D]      |
This menu item marks the currently selected packet as ignored. See
<<ChWorkIgnorePacketSection>> for details.

|menu:Ignore All Displayed[]                  |kbd:[Shift+Ctrl+D]|
This menu item marks all displayed packets as ignored.

|menu:Unignore All Displayed[]                |kbd:[Ctrl+Alt+D]  |
This menu item unmarks all ignored packets.

|menu:Set/Unset Time Reference[]              |kbd:[Ctrl+T]      |
This menu item set a time reference on the currently selected packet. See
<<ChWorkTimeReferencePacketSection>> for more information about the time
referenced packets.

|menu:Unset All Time References[]             |kbd:[Ctrl+Alt+T]  |
This menu item removes all time references on the packets.

|menu:Next Time Reference[]                   |kbd:[Ctrl+Alt+N]  |
This menu item tries to find the next time referenced packet.

|menu:Previous Time Reference[]               |kbd:[Ctrl+Alt+B]  |
This menu item tries to find the previous time referenced packet.

|menu:Time Shift[]               |kbd:[Ctrl+Shift+T]  |
This will show the Time Shift dialog, which allows you to adjust the
timestamps of some or all packets.

|menu:Packet Comment...[]               ||
This will let you add a comment to a single packet. Note that the ability
to save packet comments depends on your file format. E.g. pcapng supports
comments, pcap does not.

|menu:Capture Comment...[]               ||
This will let you add a capture comment. Note that the ability to save
capture comments depends on your file format. E.g. pcapng supports
comments, pcap does not.

|menu:Configuration Profiles...[]             |kbd:[Shift+Ctrl+A]|
This menu item brings up a dialog box for handling configuration profiles.  More
detail is provided in <<ChCustConfigProfilesSection>>.

|menu:Preferences...[]                        |kbd:[Shift+Ctrl+P] or kbd:[Cmd+,] (macOS)|
This menu item brings up a dialog box that allows you to set preferences for
many parameters that control Wireshark.  You can also save your preferences so
Wireshark will use them the next time you start it. More detail is provided in
<<ChCustPreferencesSection>>.

|===============

[[ChUseViewMenuSection]]

=== The ``View'' menu

The Wireshark View menu contains the fields shown in <<ChUseTabView>>.

[[ChUseWiresharkViewMenu]]
.The ``View'' Menu
image::wsug_graphics/ws-view-menu.png[{screenshot-attrs}]

[[ChUseTabView]]
.View menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item              |Accelerator|Description
|menu:Main Toolbar[]    ||This menu item hides or shows the main toolbar, see <<ChUseMainToolbarSection>>.
|menu:Filter Toolbar[]  ||This menu item hides or shows the filter toolbar, see <<ChUseFilterToolbarSection>>.
|menu:Wireless Toolbar[]||This menu item hides or shows the wireless toolbar. May not be present on some platforms.
|menu:Statusbar[]       ||This menu item hides or shows the statusbar, see <<ChUseStatusbarSection>>.
|menu:Packet List[]     ||This menu item hides or shows the packet list pane, see <<ChUsePacketListPaneSection>>.
|menu:Packet Details[]  ||This menu item hides or shows the packet details pane, see <<ChUsePacketDetailsPaneSection>>.
|menu:Packet Bytes[]    ||This menu item hides or shows the packet bytes pane, see <<ChUsePacketBytesPaneSection>>.
|menu:Time Display Format[Date and Time of Day: 1970-01-01 01:02:03.123456]|| Selecting this tells Wireshark to display the time stamps in date and time of day format, see <<ChWorkTimeFormatsSection>>.

The fields "Time of Day", "Date and Time of Day", "Seconds Since Beginning of
Capture", "Seconds Since Previous Captured Packet" and "Seconds Since Previous
Displayed Packet" are mutually exclusive.

|menu:Time Display Format[Time of Day: 01:02:03.123456]||Selecting this tells Wireshark to display time stamps in time of day format, see <<ChWorkTimeFormatsSection>>.
|menu:Time Display Format[Seconds Since Epoch (1970-01-01): 1234567890.123456]||Selecting this tells Wireshark to display time stamps in seconds since 1970-01-01 00:00:00, see <<ChWorkTimeFormatsSection>>.
|menu:Time Display Format[Seconds Since Beginning of Capture: 123.123456]||Selecting this tells Wireshark to display time stamps in seconds since beginning of capture format, see <<ChWorkTimeFormatsSection>>.
|menu:Time Display Format[Seconds Since Previous Captured Packet: 1.123456]||Selecting this tells Wireshark to display time stamps in seconds since previous captured packet format, see <<ChWorkTimeFormatsSection>>.
|menu:Time Display Format[Seconds Since Previous Displayed Packet: 1.123456]||Selecting this tells Wireshark to display time stamps in seconds since previous displayed packet format, see <<ChWorkTimeFormatsSection>>.
|menu:Time Display Format[Automatic (File Format Precision)]||Selecting this tells Wireshark to display time stamps with the precision given by the capture file format used, see <<ChWorkTimeFormatsSection>>.

The fields "Automatic", "Seconds" and "...seconds" are mutually exclusive.

|menu:Time Display Format[Seconds: 0]||Selecting this tells Wireshark to display time stamps with a precision of one second, see <<ChWorkTimeFormatsSection>>.
|menu:Time Display Format[...seconds: 0....]||Selecting this tells Wireshark to display time stamps with a precision of one second, decisecond, centisecond, millisecond, microsecond or nanosecond, see <<ChWorkTimeFormatsSection>>.
|menu:Time Display Format[Display Seconds with hours and minutes]||Selecting this tells Wireshark to display time stamps in seconds, with hours and minutes.
|menu:Name Resolution[Resolve Name]||This item allows you to trigger a name resolve of the current packet only, see <<ChAdvNameResolutionSection>>.
|menu:Name Resolution[Enable for MAC Layer]||This item allows you to control whether or not Wireshark translates MAC addresses into names, see <<ChAdvNameResolutionSection>>.
|menu:Name Resolution[Enable for Network Layer]||This item allows you to control whether or not Wireshark translates network addresses into names, see <<ChAdvNameResolutionSection>>.
|menu:Name Resolution[Enable for Transport Layer]||This item allows you to control whether or not Wireshark translates transport addresses into names, see <<ChAdvNameResolutionSection>>.
|menu:Colorize Packet List[]||This item allows you to control whether or not Wireshark should colorize the packet list.

Enabling colorization will slow down the display of new packets while capturing / loading capture files.

|menu:Auto Scroll in Live Capture[] |                   |This item allows you to specify that Wireshark should scroll the packet list pane as new packets come in, so you are always looking at the last packet.  If you do not specify this, Wireshark simply adds new packets onto the end of the list, but does not scroll the packet list pane.
|menu:Zoom In[]                     |kbd:[Ctrl+&#x2b;]  | Zoom into the packet data (increase the font size).
|menu:Zoom Out[]                    |kbd:[Ctrl+-]       | Zoom out of the packet data (decrease the font size).
|menu:Normal Size[]                 |kbd:[Ctrl+=]       | Set zoom level back to 100% (set font size back to normal).
|menu:Resize All Columns[]          |kbd:[Shift+Ctrl+R] | Resize all column widths so the content will fit into it.

Resizing may take a significant amount of time, especially if a large capture file is loaded.

|menu:Displayed Columns[]                           |                   |This menu items folds out with a list of all configured columns. These columns can now be shown or hidden in the packet list.
|menu:Expand Subtrees[]                             |kbd:[Shift+&#x2192;]|This menu item expands the currently selected subtree in the packet details tree.
|menu:Collapse Subtrees[]                           |kbd:[Shift+&#x2190;]|This menu item collapses the currently selected subtree in the packet details tree.
|menu:Expand All[]                                  |kbd:[Ctrl+&#x2192;] |Wireshark keeps a list of all the protocol subtrees that are expanded, and uses it to ensure that the correct subtrees are expanded when you display a packet. This menu item expands all subtrees in all packets in the capture.
|menu:Collapse All[]                                |kbd:[Ctrl+&#x2190;] |This menu item collapses the tree view of all packets in the capture list.
|menu:Colorize Conversation[]                       |                   |This menu item brings up a submenu that allows you to color packets in the packet list pane based on the addresses of the currently selected packet. This makes it easy to distinguish packets belonging to different conversations. <<ChCustColorizationSection>>.
|menu:Colorize Conversation[Color 1-10]             |                   |These menu items enable one of the ten temporary color filters based on the currently selected conversation.
|menu:Colorize Conversation[Reset coloring]         |                   |This menu item clears all temporary coloring rules.
|menu:Colorize Conversation[New Coloring Rule...]   |                   |This menu item opens a dialog window in which a new permanent coloring rule can be created based on the currently selected conversation.
|menu:Coloring Rules...[]                           |                   |This menu item brings up a dialog box that allows you to color packets in the packet list pane according to filter expressions you choose. It can be very useful for spotting certain types of packets, see <<ChCustColorizationSection>>.
|menu:Show Packet in New Window[]                   |                   |This menu item brings up the selected packet in a separate window. The separate window shows only the tree view and byte view panes.
|menu:Reload[]                                      |kbd:[Ctrl+R]       |This menu item allows you to reload the current capture file.
|===============

[[ChUseGoMenuSection]]

=== The ``Go'' menu

The Wireshark Go menu contains the fields shown in <<ChUseTabGo>>.

[[ChUseWiresharkGoMenu]]
.The ``Go'' Menu
image::wsug_graphics/ws-go-menu.png[{screenshot-attrs}]

[[ChUseTabGo]]
.Go menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item                              |Accelerator        |Description
|menu:Back[]                            |kbd:[Alt+&#x2190;] |Jump to the recently visited packet in the packet history, much like the page history in a web browser.
|menu:Forward[]                         |kbd:[Alt+&#x2192;] |Jump to the next visited packet in the packet history, much like the page history in a web browser.
|menu:Go to Packet...[]                 |kbd:[Ctrl+G]       |Bring up a window frame that allows you to specify a packet number, and then goes to that packet. See <<ChWorkGoToPacketSection>> for details.
|menu:Go to Corresponding Packet[]      |                   |Go to the corresponding packet of the currently selected protocol field. If the selected field doesn't correspond to a packet, this item is greyed out.
|menu:Previous Packet[]                 |kbd:[Ctrl+&#x2191;]|Move to the previous packet in the list.  This can be used to move to the previous packet even if the packet list doesn't have keyboard focus.
|menu:Next Packet[]                     |kbd:[Ctrl+&#x2193;]|Move to the next packet in the list.  This can be used to move to the previous packet even if the packet list doesn't have keyboard focus.
|menu:First Packet[]                    |kbd:[Ctrl+Home]    |Jump to the first packet of the capture file.
|menu:Last Packet[]                     |kbd:[Ctrl+End]     |Jump to the last packet of the capture file.
|menu:Previous Packet In Conversation[] |kbd:[Ctrl+&#x2c;]  |Move to the previous packet in the current conversation.  This can be used to move to the previous packet even if the packet list doesn't have keyboard focus.
|menu:Next Packet In Conversation[]     |kbd:[Ctrl+.]       |Move to the next packet in the current conversation.  This can be used to move to the previous packet even if the packet list doesn't have keyboard focus.
|===============

[[ChUseCaptureMenuSection]]

=== The ``Capture'' menu

The Wireshark Capture menu contains the fields shown in <<ChUseTabCap>>.

[[ChUseWiresharkCaptureMenu]]
.The ``Capture'' Menu
image::wsug_graphics/ws-capture-menu.png[{screenshot-attrs}]

[[ChUseTabCap]]
.Capture menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item                  |Accelerator    |Description
|menu:Interfaces...[]       |kbd:[Ctrl+I]   |This menu item brings up a dialog box that shows what's going on at the network interfaces Wireshark knows of, see <<ChCapInterfaceSection>>) .
|menu:Options...[]          |kbd:[Ctrl+K]   |This menu item brings up the Capture Options dialog box (discussed further in <<ChCapCaptureOptions>>) and allows you to start capturing packets.
|menu:Start[]               |kbd:[Ctrl+E]   |Immediately start capturing packets with the same settings than the last time.
|menu:Stop[]                |kbd:[Ctrl+E]   |This menu item stops the currently running capture, see <<ChCapStopSection>>) .
|menu:Restart[]             |kbd:[Ctrl+R]   |This menu item stops the currently running capture and starts again with the same options, this is just for convenience.
|menu:Capture Filters...[]  |               |This menu item brings up a dialog box that allows you to create and edit capture filters. You can name filters, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterSection>>
|===============

[[ChUseAnalyzeMenuSection]]

=== The ``Analyze'' menu

The Wireshark Analyze menu contains the fields shown in <<ChUseAnalyze>>.

[[ChUseWiresharkAnalyzeMenu]]
.The ``Analyze'' Menu
image::wsug_graphics/ws-analyze-menu.png[{screenshot-attrs}]

[[ChUseAnalyze]]
.Analyze menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item|Accelerator|Description
|menu:Display Filters...[]          ||This menu item brings up a dialog box that allows you to create and edit display filters. You can name filters, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterSection>>
|menu:Display Filter Macros...[]    ||This menu item brings up a dialog box that allows you to create and edit display filter macros. You can name filter macros, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterMacrosSection>>
|menu:Apply as Column[]             ||This menu item adds the selected protocol item in the packet details pane as a column to the packet list.
|menu:Apply as Filter[...]          ||These menu items will change the current display filter and apply the changed filter immediately. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane.
|menu:Prepare a Filter[...]         ||These menu items will change the current display filter but won't apply the changed filter. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane.
|menu:Enabled Protocols...[]        |kbd:[Shift+Ctrl+E]|This menu item allows the user to enable/disable protocol dissectors, see <<ChAdvEnabledProtocols>>
|menu:Decode As...[]                ||This menu item allows the user to force Wireshark to decode certain packets as a particular protocol, see <<ChAdvDecodeAs>>
|menu:User Specified Decodes...[]   ||This menu item allows the user to force Wireshark to decode certain packets as a particular protocol, see <<ChAdvDecodeAsShow>>
|menu:Follow TCP Stream[]           ||This menu item brings up a separate window and displays all the TCP segments captured that are on the same TCP connection as a selected packet, see <<ChAdvFollowTCPSection>>
|menu:Follow UDP Stream[]           ||Same functionality as ``Follow TCP Stream'' but for UDP streams.
|menu:Follow SSL Stream[]           ||Same functionality as ``Follow TCP Stream'' but for SSL streams. See the wiki page on link:{wireshark-wiki-url}SSL[SSL] for instructions on providing SSL keys.
|menu:Expert Info[]                 ||Open a dialog showing some expert information about the captured packets. The amount of information will depend on the protocol and varies from  very detailed to non-existent. XXX - add a new section about this and link from here
|menu:Conversation Filter[...]      ||In this menu you will find conversation filter for various protocols.
|===============

[[ChUseStatisticsMenuSection]]

=== The ``Statistics'' menu

The Wireshark Statistics menu contains the fields shown in <<ChUseStatistics>>.

[[ChUseWiresharkStatisticsMenu]]
.The ``Statistics'' Menu
image::wsug_graphics/ws-statistics-menu.png[{screenshot-attrs}]

All menu items will bring up a new window showing specific statistical information.

[[ChUseStatistics]]
.Statistics menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item|Accelerator|Description
|menu:Summary[]|| Show information about the data captured, see <<ChStatSummary>>.
|menu:Protocol Hierarchy[]|| Display a hierarchical tree of protocol statistics, see <<ChStatHierarchy>>.
|menu:Conversations[]|| Display a list of conversations (traffic between two endpoints), see <<ChStatConversationsWindow>>.
|menu:Endpoints[]|| Display a list of endpoints (traffic to/from an address), see <<ChStatEndpointsWindow>>.
|menu:Packet Lengths...[]||See <<ChStatXXX>>
|menu:IO Graphs[]|| Display user specified graphs (e.g. the number of packets in the course of time), see <<ChStatIOGraphs>>.
|menu:Service Response Time[]|| Display the time between a request and the corresponding response, see <<ChStatSRT>>.
|menu:ANCP[]||See <<ChStatXXX>>
|menu:Colledtd...[]||See <<ChStatXXX>>
|menu:Compare...[]||See <<ChStatXXX>>
|menu:Flow Graph...[]||See <<ChStatXXX>>
|menu:HTTP[]||HTTP request/response statistics, see <<ChStatXXX>>
|menu:IP Addresses...[]||See <<ChStatXXX>>
|menu:IP Destinations...[]||See <<ChStatXXX>>
|menu:IP Protocol Types...[]||See <<ChStatXXX>>
|menu:ONC-RPC Programs[]||See <<ChStatXXX>>
|menu:Sametime[]||See <<ChStatXXX>>
|menu:TCP Stream Graph[]||See <<ChStatXXX>>
|menu:UDP Multicast Streams[]||See <<ChStatXXX>>
|menu:WLAN Traffic[]||See <<ChStatWLANTraffic>>
|menu:BOOTP-DHCP[]||See <<ChStatXXX>>

|===============

[[ChUseTelephonyMenuSection]]

=== The ``Telephony'' menu

The Wireshark Telephony menu contains the fields shown in <<ChUseTelephony>>.

[[ChUseWiresharkTelephonyMenu]]
.The ``Telephony'' Menu
image::wsug_graphics/ws-telephony-menu.png[{screenshot-attrs}]

All menu items will bring up a new window showing specific telephony related statistical information.

[[ChUseTelephony]]
.Telephony menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item|Accelerator|Description
|menu:IAX2[]||See <<ChTelXXX>>
|menu:SMPP Operations...[]||See <<ChTelXXX>>
|menu:SCTP[]||See <<ChTelXXX>>
|menu:ANSI[]||See <<ChTelXXX>>
|menu:GSM[]||See <<ChTelXXX>>
|menu:H.225...[]||See <<ChTelXXX>>
|menu:ISUP Messages...[]||See <<ChTelXXX>>
|menu:LTE[]||See <<ChTelLTEMACTraffic>>
|menu:MTP3[]||See <<ChTelXXX>>
|menu:RTP[]||See <<ChTelRTPAnalysis>>
|menu:SIP...[]||See <<ChTelXXX>>
|menu:UCP Messages...[]||See <<ChTelXXX>>
|menu:VoIP Calls...[]||See <<ChTelVoipCalls>>
|menu:WAP-WSP...[]||See <<ChTelXXX>>

|===============

[[ChUseToolsMenuSection]]

=== The ``Tools'' menu

The Wireshark Tools menu contains the fields shown in <<ChUseTools>>.

[[ChUseWiresharkToolsMenu]]
.The ``Tools'' Menu
image::wsug_graphics/ws-tools-menu.png[{screenshot-attrs}]

[[ChUseTools]]
.Tools menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item|Accelerator|Description
|menu:Firewall ACL Rules[]|| This allows you to create command-line ACL rules for many different firewall products, including Cisco IOS, Linux Netfilter (iptables), OpenBSD pf and Windows Firewall (via netsh).  Rules for MAC addresses, IPv4 addresses, TCP and UDP ports, and IPv4+port combinations are supported.

It is assumed that the rules will be applied to an outside interface.

|menu:Lua[]|| These options allow you to work with the Lua interpreter optionally build into Wireshark. See the ``Lua Support in Wireshark'' in the Wireshark Developer's Guide.
|===============

[[ChUseInternalsMenuSection]]

=== The ``Internals'' menu

The Wireshark Internals menu contains the fields shown in <<ChUseInternals>>.

[[ChUseWiresharkInternalsMenu]]
.The ``Internals'' Menu
image::wsug_graphics/ws-internals-menu.png[{screenshot-attrs}]

[[ChUseInternals]]
.Internals menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item|Accelerator|Description
|menu:Dissector tables[]|| This menu item brings up a dialog box showing the tables with subdissector relationships.
|menu:Supported Protocols (slow!)[]|| This menu item brings up a dialog box showing the supported protocols and protocol fields.
|===============

[[ChUseHelpMenuSection]]

=== The ``Help'' menu

The Wireshark Help menu contains the fields shown in <<ChUseHelp>>.

[[ChUseWiresharkHelpMenu]]
.The ``Help'' Menu
image::wsug_graphics/ws-help-menu.png[{screenshot-attrs}]

[[ChUseHelp]]
.Help menu items
[options="header",cols="3,2,5"]
|===============
|Menu Item|Accelerator|Description
|menu:Contents[]|F1| This menu item brings up a basic help system.
|menu:Manual Pages[...]|| This menu item starts a Web browser showing one of the locally installed html manual pages.
|menu:Website[]|| This menu item starts a Web browser showing the webpage from: link:{wireshark-main-url}[].
|menu:FAQ's[]|| This menu item starts a Web browser showing various FAQ's.
|menu:Downloads[]|| This menu item starts a Web browser showing the downloads from: link:{wireshark-download-url}[].
|menu:Wiki[]|| This menu item starts a Web browser showing the front page from: link:{wireshark-wiki-url}[].
|menu:Sample Captures[]|| This menu item starts a Web browser showing the sample captures from: link:{wireshark-wiki-url}SampleCaptures[].
|menu:About Wireshark[]|| This menu item brings up an information window that provides various detailed information items on Wireshark, such as how it's build, the plugins loaded, the used folders, ...

|===============

[NOTE]
====
Opening a Web browser might be unsupported in your version of Wireshark. If this
is the case the corresponding menu items will be hidden.

If calling a Web browser fails on your machine, nothing happens, or the browser
starts but no page is shown, have a look at the web browser setting in the
preferences dialog.
====

[[ChUseMainToolbarSection]]

=== The ``Main'' toolbar

The main toolbar provides quick access to frequently used items from the menu.
This toolbar cannot be customized by the user, but it can be hidden using the
View menu, if the space on the screen is needed to show even more packet data.

As in the menu, only the items useful in the current program state will be
available. The others will be greyed out (e.g. you cannot save a capture file if
you haven't loaded one).

[[ChUseWiresharkMainToolbar]]

.The ``Main'' toolbar
image::wsug_graphics/ws-main-toolbar.png[{screenshot-attrs}]

[[ChUseMainToolbar]]
.Main toolbar items
[options="header",cols="1,2,2,4"]
|===============
|Toolbar Icon|Toolbar Item|Menu Item|Description
|image:wsug_graphics/toolbar/capture_interfaces_24.png[{toolbar-icon-attrs}] |btn:[Interfaces...]|menu:Capture[Interfaces...]| This item brings up the Capture Interfaces List dialog box (discussed further in <<ChCapCapturingSection>>).
|image:wsug_graphics/toolbar/capture_options_24.png[{toolbar-icon-attrs}]    |btn:[Options...]|menu:Capture[Options...]| This item brings up the Capture Options dialog box (discussed further in <<ChCapCapturingSection>>) and allows you to start capturing packets.
|image:wsug_graphics/toolbar/capture_start_24.png[{toolbar-icon-attrs}]      |btn:[Start]|menu:Capture[Start]| This item starts capturing packets with the options from the last time.
|image:wsug_graphics/toolbar/capture_stop_24.png[{toolbar-icon-attrs}]       |btn:[Stop]|menu:Capture[Stop]| This item stops the currently running live capture process <<ChCapCapturingSection>>).
|image:wsug_graphics/toolbar/capture_restart_24.png[{toolbar-icon-attrs}]    |btn:[Restart]|menu:Capture[Restart]| This item stops the currently running live capture process and restarts it again, for convenience.
|image:wsug_graphics/toolbar/stock_open_24.png[{toolbar-icon-attrs}]         |btn:[Open...]|menu:File[Open...]| This item brings up the file open dialog box that allows you to load a capture file for viewing. It is discussed in more detail in <<ChIOOpen>>.
|image:wsug_graphics/toolbar/stock_save_as_24.png[{toolbar-icon-attrs}]      |btn:[Save As...]|menu:File[Save As...]| This item allows you to save the current capture file to whatever file you would like. It pops up the Save Capture File As dialog box (which is discussed further in <<ChIOSaveAs>>).

If you currently have a temporary capture file, the Save icon  will be shown instead.

|image:wsug_graphics/toolbar/stock_close_24.png[{toolbar-icon-attrs}]        |btn:[Close]|menu:File[Close]|This item closes the current capture. If you have not saved the capture, you will be asked to save it first.
|image:wsug_graphics/toolbar/stock_refresh_24.png[{toolbar-icon-attrs}]      |btn:[Reload]|menu:View[Reload]| This item allows you to reload the current capture file.
|image:wsug_graphics/toolbar/stock_print_24.png[{toolbar-icon-attrs}]        |btn:[Print...]|menu:File[Print...]| This item allows you to print all (or some of) the packets in the capture file. It pops up the Wireshark Print dialog box (which is discussed further in <<ChIOPrintSection>>).
|image:wsug_graphics/toolbar/stock_search_24.png[{toolbar-icon-attrs}]       |btn:[Find Packet...]|menu:Edit[Find Packet...]|This item brings up a dialog box that allows you to find a packet. There is further information on finding packets in <<ChWorkFindPacketSection>>.
|image:wsug_graphics/toolbar/stock_left_arrow_24.png[{toolbar-icon-attrs}]   |btn:[Go Back]|menu:Go[Go Back]|This item jumps back in the packet history. Hold down the Alt key (Option on macOS) to go back in the selection history.
|image:wsug_graphics/toolbar/stock_right_arrow_24.png[{toolbar-icon-attrs}]  |btn:[Go Forward]|menu:Go[Go Forward]|This item jumps forward in the packet history. Hold down the Alt key (Option on macOS) to go forward in the selection history.
|image:wsug_graphics/toolbar/stock_jump_to_24.png[{toolbar-icon-attrs}]      |btn:[Go to Packet...]|menu:Go[Go to Packet...]| This item brings up a dialog box that allows you to specify a packet number to go to that packet.
|image:wsug_graphics/toolbar/stock_top_24.png[{toolbar-icon-attrs}]          |btn:[Go To First Packet]|menu:Go[First Packet]| This item jumps to the first packet of the capture file.
|image:wsug_graphics/toolbar/stock_bottom_24.png[{toolbar-icon-attrs}]       |btn:[Go To Last Packet]|menu:Go[Last Packet]| This item jumps to the last packet of the capture file.
|image:wsug_graphics/toolbar/colorize_24.png[{toolbar-icon-attrs}]           |btn:[Colorize]|menu:View[Colorize]| Colorize the packet list (or not).
|image:wsug_graphics/toolbar/autoscroll_24.png[{toolbar-icon-attrs}]         |btn:[Auto Scroll in Live Capture]|menu:View[Auto Scroll in Live Capture]| Auto scroll packet list while doing a live capture (or not).
|image:wsug_graphics/toolbar/stock_zoom_in_24.png[{toolbar-icon-attrs}]      |btn:[Zoom In]|menu:View[Zoom In]| Zoom into the packet data (increase the font size).
|image:wsug_graphics/toolbar/stock_zoom_in_24.png[{toolbar-icon-attrs}]      |btn:[Zoom Out]|menu:View[Zoom Out]| Zoom out of the packet data (decrease the font size).
|image:wsug_graphics/toolbar/stock_zoom_1_24.png[{toolbar-icon-attrs}]       |btn:[Normal Size]|menu:View[Normal Size]| Set zoom level back to 100%.
|image:wsug_graphics/toolbar/resize_columns_24.png[{toolbar-icon-attrs}]     |btn:[Resize Columns]|menu:View[Resize Columns]| Resize columns, so the content fits into them.
|image:wsug_graphics/toolbar/capture_filter_24.png[{toolbar-icon-attrs}]     |btn:[Capture Filters...]|menu:Capture[Capture Filters...]| This item brings up a dialog box that allows you to create and edit capture filters. You can name filters, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterSection>>.
|image:wsug_graphics/toolbar/display_filter_24.png[{toolbar-icon-attrs}]     |btn:[Display Filters...]|menu:Analyze[Display Filters...]| This item brings up a dialog box that allows you to create and edit display filters. You can name filters, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterSection>>.
|image:wsug_graphics/toolbar/stock_colorselector_24.png[{toolbar-icon-attrs}]|btn:[Coloring Rules...]|menu:View[Coloring Rules...]| This item brings up a dialog box that allows you to color packets in the packet list pane according to filter expressions you choose. It can be very useful for spotting certain types of packets. More detail on this subject is provided in <<ChCustColorizationSection>>.
|image:wsug_graphics/toolbar/stock_preferences_24.png[{toolbar-icon-attrs}]  |btn:[Preferences...]|menu:Edit[Preferences]| This item brings up a dialog box that allows you to set preferences for many parameters that control Wireshark.  You can also save your preferences so Wireshark will use them the next time you start it. More detail is provided in <<ChCustPreferencesSection>>
|image:wsug_graphics/toolbar/stock_help_24.png[{toolbar-icon-attrs}]         |btn:[Help]|menu:Help[Contents]| This item brings up help dialog box.
|===============

[[ChUseFilterToolbarSection]]

=== The ``Filter'' toolbar

The filter toolbar lets you quickly edit and apply display filters. More
information on display filters is available in <<ChWorkDisplayFilterSection>>.

[[ChUseWiresharkFilterToolbar]]

.The ``Filter'' toolbar
image::wsug_graphics/ws-filter-toolbar.png[{screenshot-attrs}]

[[ChUseFilterToolbar]]
.Filter toolbar items
[options="header",cols="1,2,4"]
|===============
|Toolbar Icon|Toolbar Item|Description
|image:wsug_graphics/toolbar/display_filter_24.png[{toolbar-icon-attrs}]|btn:[Filter:]|Brings up the filter construction dialog, described in <<FiltersDialog>>.
||_Filter input_|The area to enter or edit a display filter string, see <<ChWorkBuildDisplayFilterSection>>. A syntax check of your filter string is done while you are typing. The background will turn red if you enter an incomplete or invalid string, and will become green when you enter a valid string. You can click on the pull down arrow to select a previously-entered filter string from a list. The entries in the pull down list will remain available even after a program restart.

After you've changed something in this field, don't forget to press the Apply
button (or the Enter/Return key), to apply this filter string to the display.

This field is also where the current filter in effect is displayed.

|image:wsug_graphics/toolbar/stock_add_24.png[{toolbar-icon-attrs}]     |btn:[Expression...]|The middle button labeled "Add Expression..." opens a dialog box that lets you edit a display filter from a list of protocol fields, described in <<ChWorkFilterAddExpressionSection>>
|image:wsug_graphics/toolbar/stock_clear_24.png[{toolbar-icon-attrs}]   |btn:[Clear]|Reset the current display filter and clears the edit area.
|image:wsug_graphics/toolbar/stock_apply_20.png[{toolbar-icon-attrs}]   |btn:[Apply]|Apply the current value in the edit area as the new display filter.

Applying a display filter on large capture files might take quite a long time.

|===============

[[ChUsePacketListPaneSection]]

=== The ``Packet List'' pane

The packet list pane displays all the packets in the current capture file.

[[ChUseWiresharkListPane]]
.The ``Packet List'' pane
image::wsug_graphics/ws-list-pane.png[{screenshot-attrs}]

Each line in the packet list corresponds to one packet in the capture file. If
you select a line in this pane, more details will be displayed in the ``Packet
Details'' and ``Packet Bytes'' panes.

While dissecting a packet, Wireshark will place information from the protocol
dissectors into the columns. As higher level protocols might overwrite
information from lower levels, you will typically see the information from the
highest possible level only.

For example, let's look at a packet containing TCP inside IP inside an Ethernet
packet. The Ethernet dissector will write its data (such as the Ethernet
addresses), the IP dissector will overwrite this by its own (such as the IP
addresses), the TCP dissector will overwrite the IP information, and so on.

There are a lot of different columns available. Which columns are displayed can
be selected by preference settings, see <<ChCustPreferencesSection>>.

The default columns will show:

* btn:[No.] The number of the packet in the capture file. This number won't
  change, even if a display filter is used.

* btn:[Time] The timestamp of the packet. The presentation format of this
  timestamp can be changed, see <<ChWorkTimeFormatsSection>>.

* btn:[Source] The address where this packet is coming from.

* btn:[Destination] The address where this packet is going to.

* btn:[Protocol] The protocol name in a short (perhaps abbreviated) version.

* btn:[Length] The length of each packet.

* btn:[Info] Additional information about the packet content.

The first column shows how each packet is related to the selected packet. For
example, in the image above the first packet is selected, which is a DNS
request. Wireshark shows a rightward arrow for the request itself, followed by a
leftward arrow for the response in packet 2. Why is there a dashed line? There
are more DNS packets further down that use the same port numbers. Wireshark
treats them as belonging to the same conversation and draws a line connecting
them.

// Images were created on macOS 10.11 using a retina display. Lines were
// 36 physical pixels high.

[horizontal]
.Related packet symbols

image:wsug_graphics/related-first.png[{related-attrs}]::
  First packet in a conversation.

image:wsug_graphics/related-current.png[{related-attrs}]::
  Part of the selected conversation.

image:wsug_graphics/related-other.png[{related-attrs}]::
  _Not_ part of the selected conversation.

image:wsug_graphics/related-last.png[{related-attrs}]::
  Last packet in a conversation.

image:wsug_graphics/related-request.png[{related-attrs}]::
  Request.

image:wsug_graphics/related-response.png[{related-attrs}]::
  Response.

image:wsug_graphics/related-ack.png[{related-attrs}]::
  The selected packet acknowledges this packet.

image:wsug_graphics/related-dup-ack.png[{related-attrs}]::
  The selected packet is a duplicate acknowledgement of this packet.

image:wsug_graphics/related-segment.png[{related-attrs}]::
  The selected packet is related to this packet in some other way, e.g. as part
  of reassembly.

The packet list has an _Intelligent Scrollbar_ which shows a miniature map of
nearby packets. Each https://en.wikipedia.org/wiki/Raster_graphics[raster line]
of the scrollbar corresponds to a single packet, so the number of packets shown
in the map depends on your physical display and the height of the packet list. A
tall packet list on a high-resolution (``Retina'') display will show you quite a
few packets. In the image above the scrollbar shows the status of more than 500
packets along with the 15 shown in the packet list itself.

Right clicking will show a context menu, described in
<<ChWorkPacketListPanePopUpMenu>>.

[[ChUsePacketDetailsPaneSection]]

=== The ``Packet Details'' pane

The packet details pane shows the current packet (selected in the ``Packet List''
pane) in a more detailed form.

[[ChUseWiresharkDetailsPane]]

.The ``Packet Details'' pane
image::wsug_graphics/ws-details-pane.png[{screenshot-attrs}]

This pane shows the protocols and protocol fields of the packet selected in the
``Packet List'' pane. The protocols and fields of the packet shown in a tree
which can be expanded and collapsed.

There is a context menu (right mouse click) available. See details in
<<ChWorkPacketDetailsPanePopUpMenu>>.

Some protocol fields have special meanings.

* *Generated fields.* Wireshark itself will generate additional protocol
  information which isn't present in the captured data. This information is
  enclosed in square brackets (`[' and `]'). Generated information includes
  response times, TCP analysis, GeoIP information, and checksum validation.

* *Links.* If Wireshark detects a relationship to another packet in the capture
  file it will generate a link to that packet. Links are underlined and
  displayed in blue. If you double-clicked on a link  Wireshark will jump to the
  corresponding packet.

[[ChUsePacketBytesPaneSection]]

=== The ``Packet Bytes'' pane

The packet bytes pane shows the data of the current packet (selected in the
``Packet List'' pane) in a hexdump style.

[[ChUseWiresharkBytesPane]]

.The ``Packet Bytes'' pane
image::wsug_graphics/ws-bytes-pane.png[{screenshot-attrs}]

The ``Packet Bytes'' pane shows a canonical
https://en.wikipedia.org/wiki/Hex_dump[hex dump] of the packet data. Each line
contains the data offset, sixteen hexadecimal bytes, and sixteen ASCII bytes.
Non-printalbe bytes are replaced with a period (`.').

Depending on the packet data, sometimes more than one page is available, e.g.
when Wireshark has reassembled some packets into a single chunk of data. (See
<<ChAdvReassemblySection>> for details). In this case you can see each data
source by clicking its corresponding tab at the bottom of the pane.

[[ChUseWiresharkBytesPaneTabs]]
.The ``Packet Bytes'' pane with tabs
image::wsug_graphics/ws-bytes-pane-tabs.png[{screenshot-attrs}]

Additional pages typically contain data reassembled from multiple packets or
decrypted data.

The context menu (right mouse click) of the tab labels will show a list of all
available pages. This can be helpful if the size in the pane is too small for
all the tab labels.

[[ChUseStatusbarSection]]

=== The Statusbar

The statusbar displays informational messages.

In general, the left side will show context related information, the middle part
will show information about the current capture file, and the right side will
show the selected configuration profile. Drag the handles between the text areas
to change the size.

[[ChUseWiresharkStatusbarEmpty]]
.The initial Statusbar
image::wsug_graphics/ws-statusbar-empty.png[{statusbar-attrs}]

This statusbar is shown while no capture file is loaded, e.g. when Wireshark is started.

[[ChUseWiresharkStatusbarLoaded]]
.The Statusbar with a loaded capture file
image::wsug_graphics/ws-statusbar-loaded.png[{statusbar-attrs}]

* *The colorized bullet* on the left shows the highest expert info level found
  in the currently loaded capture file. Hovering the mouse over this icon will
  show a textual description of the expert info level, and clicking the icon
  will bring up the Expert Infos dialog box. For a detailed description of
  expert info, see <<ChAdvExpert>>.

* *The left side* shows information about the capture file, its name, its size
  and the elapsed time while it was being captured. Hovering over a file name
  will show its full path and size.

* *The middle part* shows the current number of packets in the capture file. The
  following values are displayed:

  - _Packets:_ The number of captured packets.

  - _Displayed:_ The number of packets currently being displayed.

  - _Marked:_ The number of marked packets (only displayed if packets are
  marked).

  - _Dropped:_ The number of dropped packets (only displayed if Wireshark was
  unable to capture all packets).

  - _Ignored:_ The number of ignored packets (only displayed if packets are
  ignored).

  - _Load time:_ The time it took to load the capture (wall clock time).

* *The right side* shows the selected configuration profile. Clicking in this
  part of the statusbar will bring up a menu with all available configuration
  profiles, and selecting from this list will change the configuration profile.

[[ChUseWiresharkStatusbarProfile]]
.The Statusbar with a configuration profile menu
image::wsug_graphics/ws-statusbar-profile.png[{pdf-scaledwidth},height=192]

For a detailed description of configuration profiles, see <<ChCustConfigProfilesSection>>.

[[ChUseWiresharkStatusbarSelected]]
.The Statusbar with a selected protocol field
image::wsug_graphics/ws-statusbar-selected.png[{statusbar-attrs}]

This is displayed if you have selected a protocol field from the ``Packet
Details'' pane.


[TIP]
====
The value between the parentheses (in this example `ipv6.src') can be used as a
display filter, representing the selected protocol field.
====

[[ChUseWiresharkStatusbarFilter]]

.The Statusbar with a display filter message
image::wsug_graphics/ws-statusbar-filter.png[{statusbar-attrs}]

This is displayed if you are trying to use a display filter which may have
unexpected results. For a detailed description, see
<<ChWorkBuildDisplayFilterMistake>>.

++++++++++++++++++++++++++++++++++++++
<!-- End of WSUG Chapter 3 -->
++++++++++++++++++++++++++++++++++++++