Nov 18 / Greg

Quick Filtering in Wireshark

After you have done a Wireshark capture, you will most often want to cull some of the information. You do this using filters. You can use the filter builder, which is a slow process; you can memorize what to type; or you can simply right-click 🙂

22K packets captured


Right-click on the exact piece of information you want to filter by (include or exclude) and choose “Apply as Filter”. This lets you quickly include or exclude it in the filter.

Right-click on the source MAC address and choose Apply as Filter -> Not Selected

Filtered down to 75 entries
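
An added example (not from the original post) of the filter text each "Apply as Filter" entry puts in the filter bar, and of what Not Selected on the source MAC (`eth.src`) removes compared with `eth.addr`, which covers source and destination. The MAC addresses and frames are constructed, and the function names are hypothetical.

```python
# Added example: constructed data, not taken from the capture in the post.
MENU = {  # submenu entry -> (joiner with the current filter, negate clicked field?)
    "Selected": (None, False),
    "Not Selected": (None, True),
    "...and Selected": ("&&", False),
    "...or Selected": ("||", False),
    "...and not Selected": ("&&", True),
    "...or not Selected": ("||", True),
}

def apply_as_filter(entry, field, value, current=""):
    """Build the display filter text for one "Apply as Filter" entry."""
    joiner, negate = MENU[entry]
    clicked = f"{field} == {value}"
    current = current.strip()
    if joiner is None or not current:      # nothing to combine with
        return f"!({clicked})" if negate else clicked
    term = f"!({clicked})" if negate else f"({clicked})"
    return f"({current}) {joiner} {term}"

def not_selected(frames, field, value):
    """Frames left by !(field == value): a frame is dropped when ANY
    occurrence of the field in it equals the value."""
    return [f for f in frames if value not in f.get(field, [])]

NOISY = "00:11:22:33:44:55"   # constructed: the MAC that was right-clicked
HOST = "66:77:88:99:aa:bb"    # constructed
OTHER = "cc:dd:ee:ff:00:11"   # constructed

def frame(src, dst):
    # eth.addr occurs twice per frame (source and destination)
    return {"eth.src": [src], "eth.dst": [dst], "eth.addr": [src, dst]}

FRAMES = ([frame(NOISY, HOST)] * 5      # sent by the noisy MAC
          + [frame(HOST, NOISY)] * 2    # sent to the noisy MAC
          + [frame(HOST, OTHER)] * 3)   # unrelated traffic

if __name__ == "__main__":
    for field in ("eth.src", "eth.addr"):
        text = apply_as_filter("Not Selected", field, NOISY)
        left = len(not_selected(FRAMES, field, NOISY))
        print(f"{text:40} -> {left} of {len(FRAMES)} frames")
    print(apply_as_filter("...and not Selected", "eth.src", NOISY, current="arp"))
```

Excluding on `eth.src` still leaves the frames addressed to that MAC in the list; right-click an `eth.addr` match instead when the whole conversation should disappear.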

2 Comments

  1. Jimmy / Nov 24 2009

    I prefer to use Packetyzer. It's based off Ethereal, but just seems so much cleaner.

    http://paglo.com/opensource/packetyzer_thankyou

  2. Greg / Nov 24 2009

    Jimmy :
    I prefer to use Packetyzer. It's based off Ethereal, but just seems so much cleaner.

    http://paglo.com/opensource/packetyzer_thankyou

    Yar…I’ve gotten used to Wireshark and its power…sooooo many options.
