Wireshark mailing list archives
Re: Is there a way to easily go to the next packet that satisfies a filter string without filtering the packets
From: ronnie sahlberg <ronniesahlberg () gmail com>
Date: Sun, 21 Mar 2021 07:23:16 +1000
Doesn't Wireshark already have this?
CTRL-F and then type in the filter string then click "Find" and it will cycle through the packets that are matching.

On Sun, Mar 21, 2021 at 7:18 AM Richard Sharpe <realrichardsharpe () gmail com> wrote:
> Hi folks,
>
> I use Wireshark a great deal in my job because I am always looking at captures when trying to figure out bugs in our code.
>
> I often have captures with a lot of different types of packets and need to find a particular set of packets of mixed type, eg SMB2 followed by the NFS packets caused by the SMB2 request or SMB2 followed by the Kerberos packets caused etc.
>
> What I would like to be able to do is to set up a filter string for a specific type of SMB2 request, say, based on source and dest IP and maybe type (ie, a CREATE, or whatever) and then go to the first such packet in the capture and then examine the subsequent packets to see if they satisfy my criteria. If they don't then I would like to go to the next packet that satisfies my filter string and examine them, and so on until I find what I am looking for.
>
> I will usually also have filtered already on two types of frames (or a few types) like SMB2 || NFS.
>
> Currently, the only way I can think to do this is to filter on SMB2, select the first one I am interested in, unfilter (or refilter), examine the packets, and if they are not what I am interested in, refilter on SMB2 and select the next packet, and so on.
>
> The workflow is quite painful. Is there a simpler way to do this? If not, could we add a button for Next packet satisfying filter?
>
> --
> Regards,
> Richard Sharpe
> (What can dispel sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine)
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Is there a way to easily go to the next packet that satisfies a filter string without filtering the packets Richard Sharpe (Mar 20)
- Re: Is there a way to easily go to the next packet that satisfies a filter string without filtering the packets ronnie sahlberg (Mar 20)
- Re: Is there a way to easily go to the next packet that satisfies a filter string without filtering the packets chuck c (Mar 20)