The Toolbars in Wireshark, located below the Menu Bar, provide quick and convenient access to frequently used actions and settings. By default, Wireshark typically displays the Main Toolbar and the Filter Toolbar, but you can customize which toolbars are visible through the View > Toolbars menu.
1. Main Toolbar
The Main Toolbar usually contains icons for the following common actions:
- Start Capture: Initiates a new network traffic capture. Often displays an icon resembling a shark fin or a play button.
- Stop Capture: Halts the ongoing network traffic capture. Usually depicted as a stop button or a square.
- Restart Capture: Stops the current capture and immediately starts a new one with the same settings.
- Open: Allows you to open a previously saved capture file (same as File > Open…). Typically shown as a folder icon.
- Save: Saves the currently loaded or captured data to a file (same as File > Save As…). Usually represented by a floppy disk icon.
- Close: Closes the currently open capture file (same as File > Close).
- Go to Packet: Opens the “Go To Packet…” dialog (same as Edit > Go To Packet…). Often shown as a magnifying glass with a number.
- Find Packet: Opens the “Find Packet…” dialog (same as Edit > Find Packet…). Usually depicted as binoculars or a magnifying glass.
- Apply as Filter: Provides a dropdown or submenu to quickly create and apply display filters based on the currently selected packet or a field within it (similar to Edit > Copy > As Filter).
- Clear Filter: Removes any currently applied display filter, showing all captured packets.
- Next Packet: Navigates to the next packet in the Packet List Pane.
- Previous Packet: Navigates to the previous packet in the Packet List Pane.
- First Packet: Jumps to the very first packet in the capture.
- Last Packet: Jumps to the very last packet in the capture.
- Colorize Conversation: Toggles the coloring of packets based on their network conversations, making it easier to follow communication flows.
- Mark/Unmark Packet: Toggles the marking status of the currently selected packet (same as Edit > Mark/Unmark Packet).
- Ignore/Unignore Packet: Allows you to temporarily hide or show specific packets from the display without using a filter.
- Zoom In: Increases the font size in the Wireshark panes (same as View > Zoom In).
- Zoom Out: Decreases the font size in the Wireshark panes (same as View > Zoom Out).
- Normal Size: Resets the font size to the default (same as View > Normal Size).
- Help: Opens the Wireshark help documentation.
2. Filter Toolbar
The Filter Toolbar is usually located directly below the Main Toolbar and provides a dedicated field for entering and applying display filters.
- Filter Input Field: This is where you type your display filter expressions. Wireshark provides syntax highlighting and auto-completion suggestions as you type.
- Apply Button: Clicking this button applies the filter entered in the input field, showing only the packets that match the filter criteria.
- Clear Button: Clears the current filter from the input field and removes the active filter, displaying all captured packets.
- Saved Filters: A dropdown menu that allows you to save frequently used display filters and quickly apply them. You can manage your saved filters through Analyze > Display Filters….
Customizing Toolbars
As mentioned earlier, you can customize which toolbars are visible by going to View > Toolbars. You can enable or disable the Main Toolbar and the Filter Toolbar based on your preferences and the screen real estate available.
Becoming familiar with the icons and functions available on the toolbars can significantly speed up your common Wireshark tasks, allowing for more efficient capture and analysis of network traffic.
