Lisa Bock investigates the Wireshark File menu choice for working with files with a focus on Open, Merge, Import from Hex Dump, Save, and working with File Sets, Quit, and Close.
- [Instructor] When working with the Wireshark interface, File is many times the go-to menu choice. Now there are many items in this menu choice. Let's start with Open. Now this'll start with a dialog box which will allow you to load a pre-captured file. It'll go to the location and allow you to select that file. The next one is Open Recent, and as you can see, there are other packet captures in there. Every once in a while, it gets very busy, at least in mine, so then I go down to the bottom and clear the menu.
And we can see that it will freshen up that interface and take away those old entries. Now, the next one is where we can see Merge. Now if you have a file capture open, and you're doing some troubleshooting, this would merge that capture that you obtained with the one you currently have open. Now it's really important that the time values are perfect, because it will use the time value to synchronize the two files. The next one is Import from Hex Dump.
Now, every once in a while, you're going to get a hex dump where someone from another device will send it to you for analysis. So let's take a look. We'll go to Browse, and I have a hex dump in here, and we'll open that. Now we have some choices, and of course the offset's a hexadecimal, and then down below, you see the encapsulation type, and I'll drop this down. We are using the Ethernet encapsulation format, but as you can see, there are a lot of other choices. And then I'll say Import.
And now we've got it loaded in so we can manipulate it within the Wireshark interface. Now we also see Close, and closes when you're done. It'll close the current capture, and if you haven't saved it, it will ask you if you'd like to save it. If you've done anything with the file, here this allows you to save it, and then sometimes you wanna save it as something else. And we'll go to Save As. So, it brings us into my folder, and as you can see, when you do this, and I'll center this right here, the really great thing about Wireshark is all the different file formats that it interchanges with.
Now I'm not gonna save that, but as you can see, there are a lot of choices. We'll cancel that. Every once in a while, you'll be working with a number of files. I'll go to List Files. For example, you're doing a firewall rule set, and you're going through maybe a whole month's worth of files to just see what it is you want to allow or deny. And you'll have all your files in a file set. So this allows you to go through, and it will keep track, and as you can see, there is only one, but if there is more than one, you can go to the next file or the previous file.
Now the last thing here is where we can Quit, and if we do quit, this is going to ask you if you want to save your captured file if you haven't previously saved it. So those are commonly accessed menu choices from the File menu.