Action | Description | Example |
---|---|---|
Ctrl + E | Start/Stop capturing packets | Press Ctrl + E to start or stop capturing packets. |
Ctrl + K | Restart capturing packets | Press Ctrl + K to restart capturing packets. |
Ctrl + S | Save captured packets | Press Ctrl + S to save the captured packets to a file. |
Ctrl + O | Open a capture file | Press Ctrl + O to open an existing capture file. |
Ctrl + Q | Quit Wireshark | Press Ctrl + Q to quit Wireshark. |

Display filter | Description | Example |
---|---|---|
ip.addr == [address] | Filter by IP address | ip.addr == 192.168.1.1 |
tcp.port == [port] | Filter by TCP port | tcp.port == 80 |
udp.port == [port] | Filter by UDP port | udp.port == 53 |
http | Filter HTTP traffic | http |
dns | Filter DNS traffic | dns |
icmp | Filter ICMP traffic | icmp |
eth.addr == [address] | Filter by Ethernet address | eth.addr == 00:11:22:33:44:55 |
frame contains "[text]" | Filter by frame content | frame contains "HTTP" |

Capture filter | Description | Example |
---|---|---|
host [address] | Capture traffic to/from a specific host | host 192.168.1.1 |
net [network] | Capture traffic on a specific network | net 192.168.1.0/24 |
port [port] | Capture traffic on a specific port | port 80 |
tcp | Capture TCP traffic | tcp |
udp | Capture UDP traffic | udp |
icmp | Capture ICMP traffic | icmp |
ether host [address] | Capture traffic to/from a specific Ethernet address | ether host 00:11:22:33:44:55 |

Command | Description | Example |
---|---|---|
Statistics > Summary | Show summary of the capture | Go to Statistics > Summary to view the capture summary. |
Statistics > Protocol Hierarchy | Show protocol hierarchy | Go to Statistics > Protocol Hierarchy to view the protocol hierarchy. |
Statistics > Conversations | Show conversations between endpoints | Go to Statistics > Conversations to view the conversations. |
Statistics > Endpoints | Show endpoint statistics | Go to Statistics > Endpoints to view endpoint statistics. |
Statistics > IO Graphs | Show input/output graphs | Go to Statistics > IO Graphs to view input/output graphs. |

Command | Description | Example |
---|---|---|
Analyze > Follow > TCP Stream | Follow TCP stream | Go to Analyze > Follow > TCP Stream to follow a TCP stream. |
Analyze > Follow > UDP Stream | Follow UDP stream | Go to Analyze > Follow > UDP Stream to follow a UDP stream. |
Analyze > Follow > HTTP Stream | Follow HTTP stream | Go to Analyze > Follow > HTTP Stream to follow an HTTP stream. |

Command | Description | Example |
---|---|---|
Ctrl + F | Find a packet | Press Ctrl + F to find a specific packet. |
Ctrl + G | Go to a specific packet | Press Ctrl + G to go to a specific packet number. |
Ctrl + ↑ | Move to previous packet | Press Ctrl + ↑ to move to the previous packet. |
Ctrl + ↓ | Move to next packet | Press Ctrl + ↓ to move to the next packet. |
Ctrl + B | Set time reference to selected packet | Press Ctrl + B to set the time reference to the selected packet. |
Ctrl + T | Set a time reference | Press Ctrl + T to set a new time reference. |