Last time, we discussed how to use Wireshark to quickly capture some sample network traffic. The wealth of information you saw may have been bewildering, so your next step is probably to control what you really need to see.

First, I like to configure the columns in the topmost “packet list” pane. You might expect to find this feature on the View menu, but it's actually on the Edit menu, under Preferences, which should be familiar to Mac users. Under User Interface, select Columns, and you'll see a list of the columns that will appear in the packet display pane. You can delete any columns that aren't relevant to you; add new ones (the “Format” drop-down list actually specifies the data to display, not the format!); and then rearrange the columns using the arrows on the right. Typically, you'll want to see the Source, Destination, Protocol, and Info formats; beyond that, it's up to you. If you’re troubleshooting slow behavior, you’ll probably want the Time format as well.

While we’re here in the Preferences window, click the Capture setting in the windowpane to the left. Here you may recognize some of the options that were available to you in yesterday’s posting when we initiated our first actual capture. The Preferences window lets you set defaults for various Wireshark dialog boxes. Now, click OK, and you should be back at the Wireshark main screen.

There are three windowpanes in this screen. The packet list pane appears on top. Below it is a “packet details” pane that provides more details about whichever packet in the packet list pane is highlighted. The “packet bytes” pane is below that; it’s the raw view of the packet contents. Try this: Click on different lines in the packet details pane, and see what happens in the packet bytes pane. Wireshark highlights the bytes that correspond to the information you click in the packet details pane. Pretty cool.

The three primary panes may be resized by dragging the horizontal bars that separate them. However, depending on the kind of analysis you intend to perform, you may or may not need to see the packet bytes pane. You can selectively enable or disable the display of any of the three panes by using the View menu. Go ahead and turn off the packet bytes pane for the time being.

In tomorrow’s posting, we’ll apply a filter to the packets displayed in the packet list pane.
Customizing the Wireshark display
Control the information the sniffer displays to avoid information overload
Copyright © 2009 Raybet2