Wireshark · Wireshark-users: Re: [Wireshark-users] Filter out a string using a display filter

Wireshark-users: Re: [Wireshark-users] Filter out a string using a display filter

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 14 May 2010 10:05:00 -0700

On May 14, 2010, at 4:13 AM, Panagiotis Georgopoulos wrote:

> 	a) is there a reference table somewhere that describes these values
> e.g. that 0x04 is probe request and 0x05 is probe reply?

	http://standards.ieee.org/getieee802/802.11.html

Look for IEEE Std 802.11-2007.

> 	b) is there a way to instruct Wireshark to filter based on the info
> it presents in the info field for a packet? (which is what the user sees, so
> IMHO it makes much more sense)

The user sees both the Info field *and* the detailed dissection, so it makes sense to offer both the ability to filter on the contents of the Info field *AND* on the contents of particular filterable fields.

There is currently no way to say

	info contains "Probe response"

although something such as that would be a useful enhancement.

References:
- [Wireshark-users] Filter out a string using a display filter
  - From: Panagiotis Georgopoulos
- Re: [Wireshark-users] Filter out a string using a display filter
  - From: Anthony Murabito
- Re: [Wireshark-users] Filter out a string using a display filter
  - From: Guy Harris
- Re: [Wireshark-users] Filter out a string using a display filter
  - From: Panagiotis Georgopoulos

Prev by Date: [Wireshark-users] File Transfer and Placement
Next by Date: Re: [Wireshark-users] File Transfer and Placement
Previous by thread: Re: [Wireshark-users] Filter out a string using a display filter
Next by thread: [Wireshark-users] remote capture framework
Index(es):
- Date
- Thread