Wireshark - 1.9 Mode D'Emploi

Working with captured packets

104

-

The  menu  item  takes  you  to  the  properties  dialog  and  selects
the  page  corresponding  to  the  protocol  if  there  are  properties
associated  with  the  highlighted  field.  More  information  on
preferences can be found in 

-----

Analyze

Change or apply a new relation between two dissectors.

Allows  you  to  temporarily  disable  a  protocol  dissector,  which
may be blocking the legitimate dissector.

View

Causes a name resolution to be performed for the selected packet,
but NOT every packet in the capture.

Go

If  the  selected  field  has  a  corresponding  packet,  go  to  it.
Corresponding packets will usually be a request/response packet
pair or such.

Wireshark has two filtering languages: One used when capturing packets, and one used when displaying
packets. In this section we explore that second type of filter: Display filters. The first one has already been
dealt with in 

.

Display filters allow you to concentrate on the packets you are interested in while hiding the currently
uninteresting ones. They allow you to select packets by:

• Protocol

• The presence of a field

• The values of fields

• A comparison between fields

• ... and a lot more!

To select packets based on protocol type, simply type the protocol in which you are interested in the Filter:
field in the filter toolbar of the Wireshark window and press enter to initiate the filter. 

 shows an example of what happens when you type tcp in the filter field.

All protocol and field names are entered in lowercase. Also, don't forget to press enter after
entering the filter expression.