Chapter 4. WORKING WITH CAPTURED PACKETS

Now that you've performed your first packet capture, we'll cover a few more basic concepts that you need to know about working with those captured packets in Wireshark. This includes finding and marking packets, saving capture files, merging capture files, printing packets, and changing time display formats.

Finding and Marking Packets

Once you really get into doing packet analysis, you will eventually encounter scenarios involving a very large number of packets. As the number of these packets grows into the thousands and even millions, you will need to be able to navigate through packets more efficiently. This is the reason Wireshark allows you to find and mark packets that match certain criteria.

Finding ...
