Filter Expression Buttons

Filter Expression Buttons are buttons you can create that are based on display filters; these can be used to quickly apply previously-saved display filters to your capture data to identify network and application problems.

For example, to create a Filter Expression Button option that displays just TCP SYN, SYN/ACK, FIN, or RST packets to analyze the TCP session setup parameters, network round-trip delay times, and session terminations:

Type the following display filter string into the Filter textbox on the Display Filter Bar:

(tcp.flags&02 && tcp.seq==0) ||  (tcp.flags&12 && tcp.seq==0) || (tcp.flags.ack && tcp.seq==1 && !tcp.nxtseq > 0 && !tcp.ack >1)  || tcp.flags.fin == 1 || tcp.flags.reset ==1

Clicking on Apply will apply ...

Get Wireshark Essentials now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Wireshark Essentials by James H. Baxter

Filter Expression Buttons

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly