Manualshelf

User Guide

ManualsBrandsWireshark ManualsSoftwareWireshark Wireshark - 0.99.5
181182183184185186187188189190
9.7. Display Filter Macros
Display Filter Macos are a mechanism to create shortcuts for complex filters. For example defining
a display filter macro named tcp_conv whose text is ( (ip.src == $1and ip.dst == $2 and tcp.srcpt
== $3 and tcp.dstpt == $4) or (ip.src == $2and ip.dst == $1 and tcp.srcpt == $4 and tcp.dstpt
== $3) ) would allow to use a display filter like ${tcp_conv:10.1.1.2;10.1.1.3;1200;1400} instead of
typing the whole filter.
Display Filter Macos can be managed with a Section 9.6, “User Table” selecting the Display Filter
Macros menu item from the View Menu. The User Table has the following fields
name the name of the macro.
text the replacement text for the macro it uses $1, $2, $3, ... as the input arguments.
Customizing Wireshark
169