Wireshark

INTERFACE

Orange - Packet's List

Blue - Packet's Details.

Keep in mind, Wireshark will show this encapsulation in reverse order with lower layer encapsulation at the top of the window and higher levels at the bottom.

Green - Packet's Bytes

DISPLAY FILTERS

ip.addr == 13.13.13.13 	      # Capture only traffic pertaining to a certain host. This is an OR statement.
ip.addr == 13.13.13.13/24     # Capture traffic pertaining to a specific network. This is an OR statement.
ip.src/dst == 13.13.13.13     # Capture traffic to or from a specific host
dns / tcp / ftp / arp / ip    # Filter traffic by a specific protocol. There are many more options.
tcp.port == 20 	              # Filter by a specific tcp port.
tcp.port / udp.port != 20     # Will capture everything except the port specified
and / or / not 	              # AND will concatenate, OR will find either of two options, NOT will exclude your input option.

CAPTURE FILTERS

host 13.13.13.13 	          # Capture only traffic pertaining to a certain host
net 13.13.13.13/24 	          # Capture traffic to or from a specific network (using slash notation to specify the mask)
src/dst net 13.13.13.13/24        # Using src or dst net will only capture traffic sourcing from the specified network or destined to the target network
port 20 	                  # will filter out all traffic except the port you specify
not port 20 	                  # will capture everything except the port specified
port 20 and 21 	                  # AND will concatenate your specified ports
portrange 20-1000 	          # portrange will grab traffic from all ports within the range only
ip / ether / tcp 	          # These filters will only grab traffic from specified protocol headers.
broadcast / multicast / unicast   # Grabs a specific type of traffic. one to one, one to many, or one to all.

FEATURES

Statistics

TCP Streams

To check TCP Stream just click Right Mouse button on packet and click "Follow"

File Extraction