Displaying the captured data

In Wireshark, along with many other packet analysis tools, there are many options to enhance your graphical experience. When you open a packet capture in Wireshark, the default layout displays three panels, as shown in the following screenshot:

  • Packet list
  • Packet details
  • Packet bytes

The Wireshark interface with three panels


  • Packet list: This is a list of all the captured packets, where each line represents a single packet. If there are too many packets to fit in the pane, the user can use the scroll bar on the right to navigate through the capture.
  • Packet details: This displays the details of a single packet, including its protocols and field values. It also displays Wireshark-specific hints. For example, the TCP header has no field called stream index, but Wireshark lists [Stream index: 0] in the Transmission Control Protocol (TCP) header, underneath the source and destination ports, as a way to keep track of all the streams, as shown in the following screenshot:

Packet details pane

  • Packet bytes: This is a hexadecimal representation of the single packet, as shown in the packet details pane. Any data will be displayed on the right-hand side, as shown in the following screenshot:

Packet bytes
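
The stream index hint and the packet bytes view described above can be reproduced in a few lines. The following is an added example, not code from the book or from Wireshark: it assumes a simplified model in which each TCP conversation is numbered in order of first appearance, and the packets, addresses, and helper names (hexdump, tcp_endpoints, stream_indexes, build) are constructed for illustration.

```python
import struct

def hexdump(data, width=16):
    """Offset, hex bytes, printable ASCII: the packet bytes pane layout."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3 - 1}}  {text}")
    return "\n".join(rows)

def tcp_endpoints(pkt):
    """Return (src, sport, dst, dport) from a raw IPv4 packet carrying TCP."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not IPv4/TCP")
    ihl = (pkt[0] & 0x0F) * 4  # IPv4 header length in bytes
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    ip = lambda raw: ".".join(map(str, raw))
    return ip(pkt[12:16]), sport, ip(pkt[16:20]), dport

def stream_indexes(packets):
    """One index per conversation, numbered in order of first appearance.
    Both directions share an index, so the key is the unordered endpoint pair."""
    seen, out = {}, []
    for pkt in packets:
        src, sport, dst, dport = tcp_endpoints(pkt)
        key = frozenset([(src, sport), (dst, dport)])
        out.append(seen.setdefault(key, len(seen)))
    return out

def build(src, sport, dst, dport, payload=b""):
    """Constructed sample packet: minimal IPv4 + TCP headers, checksums zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0)
    addr = lambda s: bytes(map(int, s.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     addr(src), addr(dst))
    return ip + tcp + payload

# Constructed capture: request, reply, a second conversation, then the first again.
SAMPLE = [
    build("192.0.2.10", 49152, "198.51.100.5", 80, b"GET / HTTP/1.1\r\n"),
    build("198.51.100.5", 80, "192.0.2.10", 49152, b"HTTP/1.1 200 OK\r\n"),
    build("192.0.2.10", 49153, "198.51.100.5", 443),
    build("192.0.2.10", 49152, "198.51.100.5", 80),
]

if __name__ == "__main__":
    print(stream_indexes(SAMPLE))
    print(hexdump(SAMPLE[0]))
```

The index is computed from the addresses and ports and never appears in the dumped bytes, which is why the packet details pane shows it in brackets.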

The appearance of the display can be modified in the preferences by going to Edit, and then Preferences:


Once in Preferences, and then Layout, you can change your layout to one of many different configurations, as shown in the previous screenshot.

After displaying the results, we move on to taking a close look at the captured data and analyzing what we have captured. The next section provides a summary of the final stage of packet analysis: analyze.
