Learning Python Network Programming

(Sean Pound) #1

Working with Wireshark


Click on the first packet to select it, and turn your attention to the middle section of
the window. We can see five lines of information. Each corresponds to a layer in the
network stack and the protocol that is being used in this layer. While keeping an
eye on the raw listing of the packets in the bottom section of the screen, click on the
different lines in the middle section. You'll see that different areas of the raw packet
listing get highlighted. The highlighted areas are the sections of the raw packet that are
relevant for the protocol that you clicked on. For the first layer (the line beginning with
Frame), it highlights the whole packet, since the whole packet is what's sent over the
wire. For the last layer, Hypertext Transfer Protocol, it highlights the section of the
packet that is the HTTP request, as shown in the preceding example. For the layers in
between, it just highlights the header for that protocol's encapsulated packet.


We can drill into the header data for each encapsulated packet by clicking on the
triangle or + symbols to the left of each protocol line in the middle section. If we do
this for the Hypertext Transfer Protocol line, we get something like this:


The HTTP headers in our request have been interpreted by Wireshark and broken
out to make them more readable. You can explore the other protocols' data in the
same way.
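
The byte ranges that Wireshark highlights for each layer can be computed by hand. The following is an added example, not code from the book: it builds a constructed Ethernet/IPv4/TCP frame carrying an HTTP request (addresses, ports and headers are made-up sample values) and reports where each layer's bytes sit, checking the length fields before trusting them.

```python
import struct

def build_sample_frame():
    """Constructed Ethernet/IPv4/TCP frame carrying an HTTP request (checksums left 0)."""
    http = b"GET / HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n"
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 1, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + http

def layer_ranges(frame):
    """Return (layer, start, end) byte ranges, one per line of the details pane."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = 14
    ihl = (frame[ip] & 0x0F) * 4              # IPv4 header length comes from the packet
    total = struct.unpack("!H", frame[ip + 2:ip + 4])[0]
    if ihl < 20 or frame[ip + 9] != 6:
        raise ValueError("bad IPv4 header length or not TCP")
    tcp = ip + ihl
    if len(frame) < tcp + 20:
        raise ValueError("truncated TCP header")
    doff = (frame[tcp + 12] >> 4) * 4         # TCP header length, also self-described
    end = min(len(frame), ip + total)         # ignore any Ethernet padding
    if doff < 20 or tcp + doff > end:
        raise ValueError("bad TCP data offset")
    return [("Frame", 0, len(frame)),
            ("Ethernet II", 0, ip),
            ("Internet Protocol Version 4", ip, tcp),
            ("Transmission Control Protocol", tcp, tcp + doff),
            ("Hypertext Transfer Protocol", tcp + doff, end)]

def http_headers(payload):
    """Split an HTTP request into its request line and a header dict."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *lines = head.split("\r\n")
    return request_line, dict(line.split(": ", 1) for line in lines if ": " in line)

if __name__ == "__main__":
    frame = build_sample_frame()
    for name, start, end in layer_ranges(frame):
        print(f"{name:32} bytes {start:3}-{end - 1:3}")
    print(http_headers(frame[layer_ranges(frame)[-1][1]:]))
```

The IPv4 and TCP header lengths are read from the packet itself, so a parser that slices on them without the bounds checks above will misattribute bytes on a malformed or truncated capture.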


Let's inspect the second packet that we captured, the HTTP response. Click on it now
in the top section of the window:
