User Guide
Working with captured packets
| Item | Identical to main menu's item: | Description |
|---|---|---|
| Protocol Preferences... | - | The menu item takes you to the properties dialog and selects the page corresponding to the protocol if there are properties associated with the highlighted field. More information on preferences can be found in Figure 10.8, “The preferences dialog box”. |
| ----- | | |
| Decode As... | Analyze | Change or apply a new relation between two dissectors. |
| Disable Protocol | | Allows you to temporarily disable a protocol dissector, which may be blocking the legitimate dissector. |
| Resolve Name | View | Causes a name resolution to be performed for the selected packet, but NOT every packet in the capture. |
| Go to Corresponding Packet | Go | If the selected field has a corresponding packet, go to it. Corresponding packets will usually be a request/response packet pair or such. |
6.3. Filtering packets while viewing
Wireshark has two filtering languages: one used when capturing packets, and one used when displaying
packets. This section explores the second type of filter: display filters. The first one has already been
dealt with in Section 4.12, “Filtering while capturing”.
Display filters allow you to concentrate on the packets you are interested in while hiding the currently
uninteresting ones. They allow you to select packets by:
• Protocol
• The presence of a field
• The values of fields
• A comparison between fields
• ... and a lot more!
To select packets based on protocol type, type the name of the protocol you are interested in into the Filter:
field in the filter toolbar of the Wireshark window and press enter to apply the filter. Figure 6.6, “Filtering
on the TCP protocol” shows an example of what happens when you type tcp in the filter field.
Note!
All protocol and field names are entered in lowercase. Also, don't forget to press enter after
entering the filter expression.