data:image/s3,"s3://crabby-images/69d27/69d278c755df99374b99d95e0fe10b396e636604" alt="Mastering Wireshark 2"
What's new in Wireshark 2?
There's a new version of Wireshark out—a new major version with many interesting features. The most visible change is the new Qt-based GUI, shown here:
data:image/s3,"s3://crabby-images/60803/6080310d20ac1f7d6597c1e1fc6086c9c8ed493e" alt=""
It looks very similar to the legacy GTK GUI, with a few minor tweaks. Some icons in the main toolbar have been changed or removed, and the general interface is a little cleaner. All the general functionality, though, is the same. Capture options are in the upper left-hand corner, denoted by a gear icon. When you click on the gear icon, you get a dialog with separate tabs for Input options, Output options, and general Options:
data:image/s3,"s3://crabby-images/eebaf/eebaf0c9215f6db340b53388fd7cc0544430dd5a" alt=""
When you click on Edit | Preferences..., you get the preferences window shown in the following screenshot. Options such as Show up to make it easier to navigate and find what you need:
data:image/s3,"s3://crabby-images/189f9/189f9d54f0630c2ea87a407eb1d31665c92e0758" alt=""
As shown in the following screenshot, on the left-hand side of the packet list, Wireshark now draws a related-packets indicator for whatever you select. If you select a different packet, the indicator changes in size and shape to mark the other packets that belong to the same conversation as the selected one. This makes it easy to pick out packets that are related to each other without having to follow TCP or UDP streams:
data:image/s3,"s3://crabby-images/d2b38/d2b38acf1d6e0ddda917553e543515726bfe8cbf" alt=""
Under the Statistics menu in the menu bar, many of the statistics options now open a similar-looking window, as shown in the following screenshot. The buttons, filters, and general layout are now standardized and look very similar to each other, which presumably also makes life easier for those who work on the Wireshark code:
data:image/s3,"s3://crabby-images/17aef/17aef22f7b9e4c60891488cdd01c030e234f7365" alt=""
Click on Statistics | I/O Graph to open the Wireshark I/O graph. In the bottom left-hand corner, you can click on the plus icon to add another item to the chart, and you can do this as many times as you like:
data:image/s3,"s3://crabby-images/11d46/11d468db754ee755f2b8765d0172fdcc0f7d0b7b" alt=""
Additionally, any changes you make here are saved to your profile. You can also click on Save As... and choose from several file formats for exporting the graph:
data:image/s3,"s3://crabby-images/49f77/49f77dd2dac0a6746b550a05ea81820b91a843c5" alt=""
Click on Analyze | Follow | UDP Stream; the Follow Stream dialog has been updated so that you can now show either the entire conversation or just one direction at a time. It also allows you to search for text within the stream:
data:image/s3,"s3://crabby-images/04c0c/04c0c37b0911f89aef2e568c856da845c4ebe4dc" alt=""
The preceding screenshot also shows the context-aware hints in action. At the bottom of the stream window you get information such as the number of client packets and server packets, which changes depending on what you're hovering over, and the main capture window jumps to the corresponding packet.
This is very handy for jumping through the data and seeing it in relation to the entire capture.
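The Follow Stream dialog is doing something you can reproduce in a few lines when you need to triage a capture without the GUI: group datagrams into conversations, treat the first packet's sender as the client, and then show both directions or only one. The following Python script is an added example, not code from the book or from the Wireshark project. It builds a small constructed libpcap file in memory (a made-up UDP exchange between 10.0.0.1:40000 and 10.0.0.53:53 plus one unrelated datagram), parses it with the standard library only, and implements the stream-index, one-side-only and text-search behaviour described above. The function names and the sample traffic are assumptions chosen for this illustration; IP and UDP checksums in the constructed frames are left at zero and are not verified.

```python
import struct
from collections import OrderedDict

# ---- Constructed sample capture (not real traffic) ------------------------

def _ip(addr):
    return bytes(int(o) for o in addr.split("."))

def build_udp_frame(src, sport, dst, dport, payload):
    """Ethernet/IPv4/UDP frame. Checksums are left at 0; the parser below ignores them."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 1, 0, 64, 17, 0,
                     _ip(src), _ip(dst)) + udp
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"   # dst MAC, src MAC, EtherType IPv4
    return eth + ip

def build_pcap(frames):
    """Classic libpcap: 24-byte global header (LINKTYPE_ETHERNET) + 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out

SAMPLE_PCAP = build_pcap([
    build_udp_frame("10.0.0.1", 40000, "10.0.0.53", 53, b"Q:example.com"),
    build_udp_frame("192.168.1.9", 5000, "192.168.1.10", 5001, b"unrelated"),
    build_udp_frame("10.0.0.53", 53, "10.0.0.1", 40000, b"A:10.1.2.3"),
    build_udp_frame("10.0.0.1", 40000, "10.0.0.53", 53, b"Q:example.org"),
    build_udp_frame("10.0.0.53", 53, "10.0.0.1", 40000, b"A:10.4.5.6"),
])

# ---- Minimal pcap / UDP parser --------------------------------------------

def iter_udp_packets(pcap):
    """Yield (src, sport, dst, dport, payload) for every IPv4/UDP frame in the file."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 42 or frame[12:14] != b"\x08\x00":
            continue                               # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 17:
            continue                               # IP protocol field: not UDP
        ip_hdr = frame[14:14 + ihl]
        src = ".".join(map(str, ip_hdr[12:16]))
        dst = ".".join(map(str, ip_hdr[16:20]))
        udp = frame[14 + ihl:]
        sport, dport, ulen = struct.unpack_from("!HHH", udp, 0)
        yield src, sport, dst, dport, udp[8:ulen]

# ---- Follow-stream logic ----------------------------------------------------

def udp_conversations(pcap):
    """Group datagrams by endpoint pair, in first-seen order (this order is the
    stream index). The sender of the first packet is treated as the client."""
    convs = OrderedDict()
    for src, sport, dst, dport, payload in iter_udp_packets(pcap):
        key = frozenset([(src, sport), (dst, dport)])
        convs.setdefault(key, {"client": (src, sport), "packets": []})
        convs[key]["packets"].append(((src, sport), payload))
    return list(convs.values())

def follow_udp_stream(pcap, stream_index, direction="both"):
    """Return (payloads, client_pkts, server_pkts) for one stream.
    direction is 'both', 'client' (client -> server only) or 'server'."""
    conv = udp_conversations(pcap)[stream_index]
    client = conv["client"]
    client_pkts = sum(1 for ep, _ in conv["packets"] if ep == client)
    server_pkts = len(conv["packets"]) - client_pkts
    keep = {"both": lambda ep: True,
            "client": lambda ep: ep == client,
            "server": lambda ep: ep != client}[direction]
    return [p for ep, p in conv["packets"] if keep(ep)], client_pkts, server_pkts

def search_stream(pcap, stream_index, needle):
    """Positions (within the followed stream) of payloads containing needle."""
    payloads, _, _ = follow_udp_stream(pcap, stream_index)
    return [i for i, p in enumerate(payloads) if needle in p]

if __name__ == "__main__":
    data, c, s = follow_udp_stream(SAMPLE_PCAP, 0)
    print(f"stream 0: {c} client pkts, {s} server pkts")
    for p in data:
        print("  ", p)
    print("client side only:", follow_udp_stream(SAMPLE_PCAP, 0, "client")[0])
    print("payloads containing b'example.org':", search_stream(SAMPLE_PCAP, 0, b"example.org"))
```

Keying the conversation on an unordered pair of endpoints is what makes both directions land in the same stream; the "client" label is only a convention (first sender seen), which is also why Wireshark can get it wrong when a capture starts mid-conversation.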
Let's now see how we'll capture traffic and get the first packets in that main window.