


Wireshark has a lot of display filters, and the filtering engine is really powerful. You can filter on almost anything in a packet, and ever since the filter box started suggesting possible filter expressions it has become really easy to find the one you want. We don’t even need the excellent “Wireshark Display Filter” cheat sheets from anymore (well, Jeremy still has a lot of other, really helpful cheat sheets, so check them out).

Basic filtering

As I said, in really old Wireshark versions, the filter box did not yet help with finding the correct filter, so it often took quite some time to get the filter expression right. My buddy Eddi used to impress people with the speed at which he could tell what the correct filter name was for a field in the decode, but that was just some Wireshark sleight of hand – whenever you select a field, the status bar will show the corresponding filter in the lower left corner. Nobody ever saw that he simply picked the correct filter syntax from there, and everyone was very impressed with his Wireshark skills, “memorizing” all these filter expressions 🙂
