Wireshark - 1.0 Betriebsanweisung
6.3. Filtering packets while viewing
Wireshark has two filtering languages: One used when capturing packets, and one used when dis-
playing packets. In this section we explore that second type of filter: Display filters. The first one
has already been dealt with in
playing packets. In this section we explore that second type of filter: Display filters. The first one
has already been dealt with in
.
Display filters allow you to concentrate on the packets you are interested in while hiding the cur-
rently uninteresting ones. They allow you to select packets by:
rently uninteresting ones. They allow you to select packets by:
•
Protocol
•
The presence of a field
•
The values of fields
•
A comparison between fields
•
... and a lot more!
To select packets based on protocol type, simply type the protocol in which you are interested in the
Filter: field in the filter toolbar of the Wireshark window and press enter to initiate the filter.
Filter: field in the filter toolbar of the Wireshark window and press enter to initiate the filter.
shows an example of what happens when you type tcp in
the filter field.
Note!
All protocol and field names are entered in lowercase. Also, don't forget to press enter
after entering the filter expression.
after entering the filter expression.
Figure 6.5. Filtering on the TCP protocol
Working with captured packets
112