Configuring display filters

In order to configure display filters, you can choose one of the several options:

Choosing from the filters menus
Writing the syntax directly into the display filter window (while working with Wireshark; after a while this will become your favorite)
Choosing a parameter in the packet pane and defining it as a filter
Using tshark or wireshark with command line ; this will be discussed in Appendix

This chapter discusses the first three options.

Getting ready

In general, a display filter string takes the form of a series of primitive expressions connected by conjunctions (and, or, or something else) and optionally preceded by not:

[not] Expression [and|or] [not] Expression...

While Expression can be any filter expression, such ...

Get Network Analysis Using Wireshark Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Network Analysis Using Wireshark Cookbook by Yoram Orzach

Configuring display filters

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly