Every now and then a user asks, if it is possible to use a display filter to search for items in the Info column in Wireshark.
At the moment this is not possible, because the Info column is not a filterable field.
But you can open the files, you have captured with Wireshark in Network Monitor and let Network Monitor do the trick.
Microsoft Network Monitor 3.4 is a protocol analyzer. It enables you to capture, to view, and to analyze network data. You can use it to help troubleshoot problems with applications on the network.
Microsoft Network Monitor 3.4 is free and you can download it here.
Continue reading to learn more about applying Display Filters in Network Monitor.
Microsoft Network monitor
Open the capture file in Network monitor.
The Info column in Wireshark provides the same information as the Description column in Network Monitor.
You can prepare a Display Filter by typing a filter in the Filter Window.
It is easier to right-click on an item in the description column and choose "Add 'Description' to Display Filter" from the context menu.
The Display Filter is added to the Filter Window.
You only have to hit the Apply button on the Filter Toolbar to see the result.
Example:
Description == "HTTP:Request, GET /favicon.ico "
After applying this Display Filter, all packets with exact this Description, are displayed.
If you do not know exactly, what you are looking for, you can use:
Description.contains("search item")
Here is an example:
Description.contains("get /badge")
All packets, that contain the string "get /badge" anywhere in the Description, are displayed.
Combine Display Filters
Display Filters can be combined by using the valid operators AND and OR.
You can also use && and ||.
Here are some examples:
Description.contains("request") || Description.contains("response")
(Description.contains("request") && Description.contains("arp")) || (Description.contains("response") && Description.contains("http"))
Happy Capturing.
Author Profile - My name is Joke (pronounced \yo-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.
What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.
Recent Comments