Wireshark is a software tool used to monitor the network traffic through a network interface. It is the most widely used network monitoring tool today. Wireshark is loved equally by system administrators, network engineers, network enthusiasts, network security professionals, and black hat hackers. It is a network protocol analyzer that captures packets from a network connection. The packet is the name given to a distinct unit of data in a typical Ethernet network.
Analyze Menu:
The “Analyze” menu is located on Wireshark’s main menu at the top of the main window (Windows, Linux) or at the top of the main screen (macOS). It contains options for manipulating display filters, enabling or disabling the dissection of protocols, configuring user-specified decodes, and following a TCP stream.
Analyze Menu Options :
| Options | Description |
|---|---|
| Display Filters | This option display a dialogue box, that allows us to create and edit display filters. We can name filters and save them for further use. |
| Display Filter Macros | This option display a dialogue box that allows us to create and edit display filter macros. We can name filter macros and save them for further use. |
| Apply as Column | This option adds the selected protocol item in the packet details pane as a column to the packet list. |
| Apply as Filter | This option alters the current display filter and applies it immediately. Depending on the chosen menu item, the current display filter string will be substituted or appended to by the selected protocol field in the packet details pane. |
| Prepare as Filter | This option alters the current display filter but won’t apply it. Depending on the chosen menu item, the current display filter string will be substituted or appended to by the selected protocol field in the packet details pane. |
| Conversation Filter | This option applies a conversation filter for various protocols. |
| Enabled Protocols | This option allows us to enable or disable various protocol dissectors. |
| Decode As | This option decodes certain packets as a particular protocol. |
| Follow -> TCP Stream | This option opens a window that displays all the TCP segments captured that are on the same TCP connection as a selected packet. |
| Follow -> UDP Stream | This option opens a window that displays all the UDP segments captured that are on the same UDP connection as a selected packet. |
| Follow -> TLS Stream | This option opens a window that displays all the TLS or SSL segments captured that are on the same TLS or SSL connection as a selected packet. |
| Follow -> HTTP Stream | This option opens a window that displays all the HTTP segments captured that are on the same HTTP connection as a selected packet. |
| Expert Info | This option opens a window showing expert information found in the capture. Some of the protocol dissectors add packet detail items for notable or unusual behavior, such as invalid checksums or retransmissions. The amount of information found in the capture depends on the protocol. |