Using Filters

Filters allow you to specify exactly which packets you have available for analysis. Simply stated, a filter is an expression that defines criteria for the inclusion or exclusion of packets. If there are packets you don’t want to see, you can write a filter that gets rid of them. If there are packets you want to see exclusively, you can write a filter that shows only those packets.

Wireshark offers two main types of filters:

Capture filters are specified when packets are being captured and will capture only those packets that are specified for inclusion/exclusion in the given expression.
Display filters are applied to an existing set of captured packets in order to hide unwanted packets or show desired packets based on the specified ...

Get Practical Packet Analysis, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Practical Packet Analysis, 2nd Edition by

Using Filters

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly