Configuring display filters
To configure display filters, you can choose one of several options:
- Choosing from the filters menus
- Writing the syntax directly into the display filter window (while working with Wireshark; after a while this will become your favorite)
- Choosing a parameter in the packet pane and defining it as a filter
- Using tshark or wireshark with command line; this will be discussed in Appendix
This chapter discusses the first three options.
Getting ready
In general, a display filter string takes the form of a series of primitive expressions connected by conjunctions (and, or, or something else) and optionally preceded by not:
[not] Expression [and|or] [not] Expression...
While Expression can be any filter expression, such ...
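As an added illustration (not code from the book or from Wireshark), the Python sketch below checks a filter string against only the general form given above and splits it into its primitive expressions. The function name parse_display_filter and the sample filters are constructed for this example; each primitive is treated as opaque text, and parentheses and the rest of Wireshark's grammar are not modelled.

```python
import shlex

# Only the two conjunctions named in the general form are modelled here.
CONJUNCTIONS = {"and", "or"}


def parse_display_filter(text):
    """Split a filter into ([(negated, primitive), ...], [conjunction, ...]).

    Raises ValueError when the string does not fit the form
    [not] Expression [and|or] [not] Expression...
    """
    # posix=False keeps the quotes on quoted strings, so a quoted "and"
    # is never mistaken for the keyword; an unclosed quote raises ValueError.
    tokens = shlex.split(text, posix=False)
    terms, joins = [], []
    negated, words = False, []

    def close_term():
        if not words:
            raise ValueError("expected an expression")
        terms.append((negated, " ".join(words)))

    for tok in tokens:
        if tok == "not" and not words:
            if negated:
                raise ValueError("at most one 'not' before an expression")
            negated = True
        elif tok in CONJUNCTIONS:
            close_term()  # a conjunction must follow a complete expression
            joins.append(tok)
            negated, words = False, []
        else:
            words.append(tok)  # part of the current primitive expression
    close_term()  # rejects an empty string or a trailing conjunction
    return terms, joins


if __name__ == "__main__":
    # Constructed sample filters; the last one is deliberately malformed.
    for sample in ('not arp and ip.addr == 192.0.2.10',
                   'http.host contains "and" or not dns',
                   'tcp.port == 443 and'):
        try:
            print(sample, "->", parse_display_filter(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

A string that passes this check still has to be accepted by Wireshark itself, which validates field names and operators that this sketch does not look at.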