Network Interface
Before a user can capture any packets, a user needs to choose the correct network interface. This is one of the most important steps, because if a user selects the wrong interface, Wireshark will show little or no traffic.
A network interface represents how a users device connects to a network. Wireshark lists all available interfaces, and each one corresponds to a different type of connection.
Common Network Interfaces in Wireshark
- Wi-Fi (WLAN) – Use this if a user is connected wirelessly
- Ethernet – Use this if a user is connected with a network cable
- VPN adapters – Appear when a VPN connection is active
- Virtual adapters – Created by tools like VMware, VirtualBox, or Hyper-V
- Loopback – Captures internal traffic on a users own machine (advanced use cases)
How to Choose the Right Interface
The easiest way to identify the correct interface is to look for activity. In Wireshark, each interface shows a small live graph. The one with movement is usually the one currently sending and receiving traffic.
- If you a user is using Wi-Fi, select the interface labeled Wi-Fi or WLAN
- If a user is using a wired connection, select the Ethernet interface
- If a user is unsure, start a capture and open a website — the correct interface will immediately show traffic
Choosing the right interface is critical. If a user selects the wrong one, Wireshark may appear to be working, but you will not see the traffic a user expects.
Understanding the Wireshark Interface
Wireshark organizes captured traffic using a three-panel layout that helps a user move from a broad view of network activity to the full details of an individual packet.
This layout is one of the reasons Wireshark is so effective. A user can quickly scan all captured packets, select one that looks important, and then inspect its structure and raw data in more detail.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy80MTcwMy81NDk1Mi9ja2ZpbmRlci9pbWFnZXMvcXUvMjAyNi9pbWFnZSgzMCkucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzgyNDk5ODEzfX19XX0_&Signature=Vft966mhTYEvYXZtB9q8ghX8yLW3e2mckBwtBI~qBRgqcPNf7Jmlm0rgFUZzoA4I9GKcbPSirnZ0NxM~feuAOxJj216BOywAwg5kw2YJYfEcNeyt1D4SCx28SZ1heLkUgSik8zC-RjVL12AGYHAR-rxyWFCizWT7zz~r50dpM3apEXvQk1DEJ5ZD~8K3ronQdnM4V0GW3uzWVGc0loCjcSL2B8M2H9hd0MWbO9460e9dfb2AYTj~X0-eFSk4JMoRM5YqKQcyb5OxmLsu6ZIz8a8oHTvSLCLyMn1rWyfvt1DyfHAaDzWyrOPBT4tElBoSGP-PWLOFc76husOEeI5T-Q__&Key-Pair-Id=K2TK3EG287XSFC)
Top Panel
Packet List
The top panel displays every packet captured during a user's session. Each row represents a single packet and gives a user a quick summary of what happened on the network.
- No. – The packet number in the capture
- Time – When the packet was captured
- Source – The device or IP that sent the packet
- Destination – The device or IP that received it
- Protocol – The protocol in use, such as TCP, UDP, DNS, or HTTP
- Length – The size of the packet
- Info – A short summary of the packet contents
When a user clicks a packet in this panel, Wireshark loads its details in the panels below.
Middle Panel
Packet Details
The middle panel breaks the selected packet into layers, making it easier to understand how the traffic is structured and what each protocol is doing.
- Ethernet II – Local network frame information
- Internet Protocol (IP) – Source and destination IP addresses
- TCP or UDP – Transport layer details such as ports and flags
- Application protocols – DNS, HTTP, TLS, and other higher-level data
A user can expand each layer to inspect fields such as port numbers, sequence numbers, flags, checksums, and TTL values.
Bottom Panel
Packet Bytes
The bottom panel shows the raw bytes of the selected packet in hexadecimal and ASCII format.
This view is useful when a user wants to inspect the exact data being transmitted, verify low-level values, or compare what Wireshark has decoded against the original packet contents.
How the Three Panels Work Together
The Wireshark interface is designed to help a user move naturally from overview to detail. A user starts in the packet list, chooses a packet that stands out, reviews its decoded layers in the packet details panel, and then inspects the raw bytes if needed.
Together, these three panels give a user a complete view of network traffic, from a quick summary all the way down to the exact bytes sent across the wire.