From the course: Wireshark: Malware and Forensics
Displaying data using filters - Wireshark Tutorial
Displaying data using filters
- [Instructor] Within Wireshark and most packet capture tools, there are filters to help refine your view. We have display filters, we can apply some filter shortcuts. We can build an expression, and create complex filters. And we can also create a capture filter to capture only a certain type of traffic. I'm at this packet capture here and, as you can see, there's over 3000 packets and a lot of different types of traffic. The display filter, as you can see here, it says, apply a display filter. We use a display filter when we've already captured some packets or are actively capturing packets. When you use the display filter, it's very simple. You simply type whatever it is you would like to display. For example, I would just like TCP traffic. So, I'll type TCP. And then over here, we can either press enter or simply go. Now within that, of course, TCP is the transport layer protocol, and we see a lot of different types…
Contents
- Baseline your network (4m 11s)
- Displaying data using filters (3m)
- Creating complex filters (5m 24s)
- Capture filters (3m 18s)
- Using statistics (3m 14s)
- Save, export, and print (6m 28s)
- Coloring rules (3m 55s)
- Using a ring buffer (4m 24s)
- Challenge: HTTP packets (39s)
- Solution: HTTP packets (1m 27s)
- Challenge: Firewall rules (1m 27s)
- Solution: Firewall rules (3m 37s)