Quick Start Guide

Wireshark Quickstart Guide
Figure 8: Area 2 Details (Extract from previous figure)
The first line of area 2 is generated by Wireshark itself and
contains statistical and informational data about the frame. It
shows that this is the eighth frame (packet) that Wireshark
captured. The next line in area 2 reveals that it was an Ethernet
packet. Since the payload of this Ethernet packet was an Internet
Protocol (IP) packet, the third line indicates that. You will also
notice a plus sign next to the first two lines and a minus sign
next to the IP line. Clicking a plus expands that line to show
more detail on the packet contents. This has been done for the IP
line so that the user can see the header information for the
packet.
iii) Window Area 3: RAW Data
Clicking on a portion of the packet in area 2 changes the
display in area 3. In Figure 8 this was done to select the IP
flags field; in Figure 9 the hex of the flags field is selected.
Area 3 has two parts. On the left are sixteen columns of two
characters each. This is the raw hexadecimal code that makes up
the packet. On the right is the Unicode version of this
hexadecimal code. If you click on an HTTP line in window 2, you
might notice English-looking GET commands or HTML commands
in this right area.
Figure 9: Hexadecimal View
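The mapping between a field selected in area 2 and the bytes shown in area 3 can be reproduced outside the GUI. The following is an added example, not part of the original guide: it builds a constructed Ethernet/IPv4/TCP frame (addresses, ports and zeroed checksums are made-up sample values), locates the IP flags byte, and renders the frame in the sixteen-column hex layout with a text column beside it.

```python
import struct

def build_sample_frame():
    """Constructed Ethernet II / IPv4 / TCP frame carrying the start of an HTTP GET."""
    payload = b"GET /index.html HTTP/1.1\r\n"
    # Destination MAC, source MAC, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    # Minimal 20-byte TCP header; checksum left at 0 because this is sample data
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # Flags/fragment word 0x4000 = Don't Fragment set, fragment offset 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 8, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + tcp + payload

def ip_flags_field(frame):
    """Return (frame offset, raw byte, decoded flags) for the IPv4 flags field."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != 0x0800:
        raise ValueError("payload of this Ethernet frame is not IPv4")
    offset = 14 + 6  # 14-byte Ethernet header, flags live in byte 6 of the IP header
    word = struct.unpack_from("!H", frame, offset)[0]
    flags = {"reserved": bool(word & 0x8000),
             "dont_fragment": bool(word & 0x4000),
             "more_fragments": bool(word & 0x2000)}
    return offset, frame[offset:offset + 1], flags

def hex_pane(frame, width=16):
    """Render bytes as offset, two-character hex columns, and a text column."""
    rows = []
    for off in range(0, len(frame), width):
        chunk = frame[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        # Printable ASCII is shown as-is; every other byte becomes a dot
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart}  {text}")
    return rows

if __name__ == "__main__":
    frame = build_sample_frame()
    offset, raw, flags = ip_flags_field(frame)
    print(f"IP flags at frame offset {offset}: 0x{raw.hex()} {flags}")
    print("\n".join(hex_pane(frame)))
```

The header bytes appear as dots in the text column, while the HTTP request line is readable, which is the effect described for area 3.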
V) Some Options to Analyze Captured Packets
Wireshark has several options to explore and analyze captured
data. Feel free to explore the full set of options; however, this
section will discuss a few key capabilities.