| Capture | Description |
|---|---|
| Start Capture | Begin packet sniffing |
| Capture Filter | Limit packets by protocol/IP |
| Interface List | Choose network interface |
| Save .pcap | Export capture file |
| Display Filters | Description |
|---|---|
| ip.addr == 192.168.1.1 | Filter by IP address |
| tcp.port == 443 | Filter by TCP port |
| http | Show HTTP traffic |
| dns | Show DNS queries |
| Analysis | Description |
|---|---|
| Follow TCP Stream | View full conversation |
| Statistics → Protocol Hierarchy | Break down traffic types |
| Expert Info | Highlight anomalies |
| IO Graphs | Visualize traffic over time |
| Protocols | Description |
|---|---|
| ARP | Address Resolution Protocol |
| ICMP | Ping and echo requests |
| TLS | Encrypted traffic |
| DHCP | IP assignment traffic |
| Export & Tools | Description |
|---|---|
| Export Packet Bytes | Save raw data |
| Export Objects → HTTP | Extract files from traffic |
| Color Rules | Highlight traffic types |
| Command Line: tshark | CLI version of Wireshark |