Save this filter: After you create a filter, you can save the filter to the bookmark by selecting this option. When working with bookmarks, you will see configuration options that include the following: If you click on the icon you will see options, along with several pre-loaded filters that you can use, as shown here: Figure 7.8 - Display filter bookmark dropdown This is where Wireshark's built-in filters and any user-saved filters reside. On the right-hand side of the display filter, there is a blue toolbar icon called bookmarks. 
In the next section, we'll see how, when you do get a display filter that works and you would like to reuse it, you can save it to a bookmark. Wireshark will then add the new filter to the dfilters.txt file.
Once copied, you can modify the filter without changing the original.
A copy icon will copy a display filter. Select (highlight) the filter you want to remove and hit the minus sign to remove the filter from the dialog box and update the dfilters.txt file. A minus icon will delete a display filter. When selected, Wireshark will create a space where you enter a name on the left and the actual filter on the right, as shown in Figure 7.7. A plus icon will add a new display filter. Once there, you can select one of the three icons as shown in the lower left-hand corner of the Display Filters dialog box: Within the toolbar is the text Apply a display filter., where you can easily apply and edit display filters, as shown here: Figure 7.6 - Wireshark startup screen Across the top, below the icons, is the filter toolbar. When you launch Wireshark, you will see the startup screen. It's not uncommon to have a capture with over 3,000 packets containing many different types of traffic. While capturing traffic, or analyzing a pre-captured file, display filters help to narrow the scope and home in on specific types of traffic. Download a PDF of Chapter 7 to also learn how to create capture filters, filter network traffic, use shortcuts and more.Ĭheck out an interview with Bock, where she elaborates on Wireshark use cases and how to use Wireshark profiles. In the following excerpt from Chapter 7 of her book, "Using Display and Capture Filters," Bock explains about how to create, edit and use display filters. Wireshark display filters help narrow the scope of traffic analysis during packet filtering, said Lisa Bock, author of Learn Wireshark: A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark, Second Edition.
0 kommentar(er)
