WEBVTT

00:00.060 --> 00:09.930
In this video, we are going to learn all the functions that are added in the main toolbar or menu bar.

00:10.320 --> 00:12.000
This is the main toolbar.

00:12.060 --> 00:18.300
It contains the functions that you are going to use on a regular basis.

00:18.390 --> 00:19.890
So let's get started.

00:20.100 --> 00:26.680
The red button from the left stops capturing packets, or our Wireshark session.

00:26.700 --> 00:27.990
So let me click on it.

00:28.500 --> 00:35.940
And the first button allows you to start capturing packets or a new Wireshark session.

00:36.060 --> 00:36.870
Click on it.

00:36.870 --> 00:45.900
As you can see, Wireshark is asking me to save the already captured packets before starting a new

00:45.900 --> 00:46.360
session.

00:46.380 --> 00:49.290
So click on Save. Now down here, write

00:49.290 --> 00:50.200
the file name.

00:51.600 --> 00:53.170
Click on Save.

00:53.460 --> 00:58.050
As you can see, Wireshark has started a new session.

00:58.110 --> 01:06.810
Right now, the next function that we have is restart current capture. It basically terminates the current

01:06.870 --> 01:10.200
session and starts a new session.

01:10.260 --> 01:11.670
So let me click on it.

01:12.270 --> 01:16.770
And this time I'm going to click on Continue Without Saving.

01:17.310 --> 01:20.820
Then we have Capture Options.

01:21.270 --> 01:28.110
Capture Options can't be used when you have a Wireshark session running.

01:28.200 --> 01:28.560
Right.

01:28.560 --> 01:31.140
So let me stop it now, as you can see.

01:31.440 --> 01:33.990
Capture Options has been enabled.

01:34.320 --> 01:35.130
Click on it.

01:35.250 --> 01:44.070
Capture Options displays all the installed network interface cards, just like the welcome

01:44.070 --> 01:44.640
window.

01:44.940 --> 01:52.050
The difference is that capture options gives us a much better control over interfaces.

01:52.410 --> 01:56.040
We have a dedicated video for Capture Options.

01:56.130 --> 01:57.930
For now, click on Close.

01:58.200 --> 02:04.020
The next two buttons are open a capture file and save this capture file.

02:04.320 --> 02:11.100
We have already covered these two buttons in the second lecture of this section.

02:11.190 --> 02:14.450
Right, then we have the close button.

02:14.460 --> 02:20.970
It basically closes the current file and takes you back to the welcome window.

02:21.000 --> 02:23.450
Continue without saving, as you can see.

02:23.910 --> 02:28.560
The next function that we have is reload this file.

02:28.770 --> 02:32.880
It basically reloads or refreshes your file.

02:33.150 --> 02:36.750
Then we have find a packet. Click on it.

02:37.260 --> 02:45.680
This function allows us to find or search the packets with different parameters.

02:45.690 --> 02:47.880
So click on this dropdown.

02:48.180 --> 02:52.590
We can use display filter, hex value, string and regular expression.

02:52.650 --> 02:52.990
Right?

02:53.400 --> 02:58.650
We haven't covered display filters and regular expression yet.

02:59.010 --> 03:06.210
You will automatically learn to use these two when you complete the filters section.

03:06.480 --> 03:09.840
So let me show you how to use string and hex value.

03:09.960 --> 03:11.230
So click on the string.

03:11.350 --> 03:13.740
String basically means text.

03:13.980 --> 03:24.590
So in the search box, type the string that you want to search for. Let me search for, let's say, DC IED.

03:24.600 --> 03:31.470
As you can see down here, packet number eight does contain the text DC IED.

03:31.470 --> 03:31.800
Right.

03:31.800 --> 03:39.060
So what Wireshark is going to do, it will highlight or take you to the packet that contains whatever

03:39.090 --> 03:42.610
string you write here in the search box.

03:42.630 --> 03:45.450
So click on Find or Press Enter.

03:45.720 --> 03:50.970
As you can see, Wireshark is highlighting the packet that contained DC IED.

03:51.300 --> 04:00.150
And if you click on Find Again, now it is showing the next packet that contains DC IED, right?

04:00.420 --> 04:05.460
In the same way you can use hex values, so click on it.

04:05.790 --> 04:08.490
Now you have to write a hex value.

04:08.550 --> 04:10.890
Let me type, let's say, 7D.

04:11.040 --> 04:16.560
To be honest, I guess you are not going to use this feature that often.

04:16.620 --> 04:16.980
Right?

04:17.220 --> 04:18.540
So let me click on find.

04:18.570 --> 04:26.820
Now, as you can see, Wireshark is highlighting the packet that contained the value 7D, right, in

04:26.820 --> 04:28.920
the packet bytes section.

04:28.920 --> 04:32.730
It is highlighting the value 7D, as you can see.

04:32.850 --> 04:39.330
Now moving on, then we have left and right arrow buttons.

04:39.720 --> 04:46.600
The left arrow button basically takes you one place up from your current position.

04:46.600 --> 04:51.240
And as you can see right now, my current position is packet number 17.

04:51.540 --> 04:59.370
So if I click on the left arrow, as you can see, it takes me one packet up, and the right arrow button

04:59.570 --> 05:01.820
takes me one packet down.

05:02.090 --> 05:05.240
Then we have go to a specific packet.

05:05.320 --> 05:08.060
So click on it. In the box,

05:08.240 --> 05:09.950
type the packet number.

05:09.980 --> 05:12.410
Let's say, 35.

05:12.530 --> 05:16.070
Now click on go to packet or press enter.

05:16.220 --> 05:25.220
As you can see now, packet number 35 is highlighted because this is what we typed in the go to a specific

05:25.220 --> 05:25.760
box.

05:26.000 --> 05:31.950
Alright, so whatever packet you want to go to, write the packet number here.

05:32.060 --> 05:34.970
Then you can click on go to the packet.

05:35.300 --> 05:39.860
The next two buttons are down arrow and up arrow. Up

05:39.860 --> 05:49.490
arrow takes you to the first packet in the list and down arrow takes you to the last packet in the list,

05:49.490 --> 05:50.330
as you can see.

05:50.660 --> 05:57.860
And then we have automatically scroll to the last packet during live capture.

05:58.130 --> 06:05.540
When you have this button enabled, it basically highlights or, you can say, automatically scrolls to the

06:05.810 --> 06:11.060
last packet that Wireshark captures during a live session.

06:11.330 --> 06:13.610
By default, this button is enabled.

06:13.610 --> 06:18.170
As you can see, it has this light blue background colour, right?

06:18.200 --> 06:20.900
It means it is enabled. If you click on it,

06:21.110 --> 06:23.570
as you can see now, it has been disabled.

06:23.900 --> 06:26.270
I'm going to enable it back now.

06:26.300 --> 06:32.090
The next function that we have is draw packets using colouring rules.

06:32.480 --> 06:36.230
We have packets with different colours, right?

06:36.590 --> 06:42.380
These colours help us to identify the types of traffic.

06:42.440 --> 06:50.300
As you can see, DHCP packets have grey background colour and ICMP packets have a different colour.

06:50.450 --> 06:50.840
Right.

06:51.140 --> 07:00.140
So what Wireshark does by default is it assigns a unique colour to the most common network traffic.

07:00.320 --> 07:00.670
Right.

07:00.680 --> 07:06.470
It helps us to easily identify the traffic or packets.

07:06.800 --> 07:15.440
So if you want to know which colour is associated with which traffic, then go to View.

07:15.950 --> 07:17.300
Click on colouring rules.

07:17.600 --> 07:23.660
As you can see here, we have a complete list of colorized traffic.

07:24.140 --> 07:28.370
UDP packets have a light blue background colour.

07:28.430 --> 07:36.710
DHCP packets have a grey background colour and DHCP reset packets have a red background colour.

07:36.710 --> 07:37.040
Right.

07:37.250 --> 07:43.160
We can actually modify and add our own colouring rules in the list.

07:43.280 --> 07:43.640
Okay.

07:43.640 --> 07:50.460
We will learn how to colorize the traffic in a dedicated video. Right now,

07:50.480 --> 07:58.460
let's say you want to change the background colour of our traffic, so click on it.

07:58.640 --> 08:04.820
Now down here, click on the background colour. From here, select the colour, then click on

08:04.820 --> 08:05.330
OK.

08:05.660 --> 08:12.500
In the same way you can change the background colour of text or fonts; all you have to do is click on

08:12.500 --> 08:13.190
foreground.

08:13.340 --> 08:17.030
Then from here select the colour and click on OK.

08:17.360 --> 08:22.470
Then it will change your foreground colours as well. To apply changes,

08:22.490 --> 08:23.520
click on OK.

08:23.840 --> 08:29.090
If you click on the button, then it will remove the packet colorization.

08:29.090 --> 08:32.990
Right now all the packets are looking.

08:33.020 --> 08:33.430
See?

08:33.590 --> 08:33.980
Right.

08:34.280 --> 08:34.610
Okay.

08:34.610 --> 08:39.110
I'm going to enable it back because it is immensely helpful.

08:39.110 --> 08:47.360
The next two buttons are plus and minus. The plus button basically increases the font size, as you can see,

08:47.360 --> 08:57.680
and the minus button decreases the font size, and the button next to minus sets the font size to the default.

08:57.770 --> 08:58.910
So let me click on it.

08:58.910 --> 09:07.670
As you can see. Now, the last function in the main toolbar is resize packet list columns to fit the

09:07.670 --> 09:09.260
contents. As you can see,

09:09.470 --> 09:16.130
the destination column is overlapping the information of the source column, right?

09:16.130 --> 09:23.570
So when you click on this button, as you can see, the content of each column is being displayed properly.

09:23.570 --> 09:27.260
Right now, the columns are not overlapping each other.
