6.1. Viewing packets you have captured
Once you have captured some packets, or you have opened a previously
saved capture file, you can view the packets that are displayed in
the packet list pane by simply clicking on a packet in the
packet list pane, which will bring up the selected packet in the
tree view and byte view panes.
You can then expand any part of the tree view by clicking on the
sign (the symbol itself may vary) to the left of
that part of the payload,
and you can select individual fields by clicking on them in the tree
view pane. An example with a TCP packet selected is shown in
Figure 6.1, “Wireshark with a TCP packet selected for viewing”. It also has the Acknowledgment number
in the TCP header selected, which shows up in the byte view as the
Figure 6.1. Wireshark with a TCP packet selected for viewing
You can also select and view packets the same way, while Wireshark is
capturing, if you selected "Update list of packets in real time" in the
Wireshark Capture Preferences dialog box.
In addition, you can view individual packets in a separate window as
shown in Figure 6.2, “Viewing a packet in a separate window”. Do this by selecting the
packet in which you are interested in the packet list pane, and then
select "Show Packet in New Windows" from the Display menu. This
allows you to easily compare two or even more packets.
Figure 6.2. Viewing a packet in a separate window