Wireshark is a software tool used to monitor the network traffic passing through a network interface card. It is the most widely used network monitoring tool today. Wireshark is loved equally by system administrators, network engineers, network admins, network security professionals, and black hat hackers. It is a network protocol analyzer that captures packets from a network connection. A packet is the name given to a distinct unit of data in a typical Ethernet network.
Capture Menu:
The “Capture” menu is located on Wireshark’s main menu at the top of the main window (Windows, Linux) or at the top of the main screen (macOS). It contains options for starting and stopping captures and for editing capture filters.
Capture Menu Options:
Options | Shortcut Keys | Description |
---|---|---|
Options | Ctrl+K | This option displays the Capture Options dialogue box, which allows us to configure interfaces and capture options. |
Start | Ctrl+E | This option immediately starts capturing packets with the same settings as the last time. |
Stop | Ctrl+E | This option stops the currently running capture. The capture also stops automatically if one of the Stop Conditions is met, for example when the maximum amount of data has been captured. |
Restart | Ctrl+R | This option stops the currently running capture and starts it again with the same options. |
Capture Filters | | This option brings up a dialogue box that allows us to create and edit capture filters. We can name filters and save them for further use. |
Refresh Interfaces | F5 | This option clears and recreates the interface list. |