Wireshark mailing list archives

Re: Launching a new window from Display filters


From: FS <bastiji () gmail com>
Date: Sun, 21 Oct 2012 00:35:39 -0400

Sorry, sent by mistake before completing email. Rest of email below!

Thanks

On Sun, Oct 21, 2012 at 12:34 AM, FS <bastiji () gmail com> wrote:



On Wed, Oct 10, 2012 at 1:17 PM, Christopher Maynard <Christopher.Maynard () gtech com> wrote:

FS <bastiji@...> writes:

Thank you for the replies. Both excellent suggestions. Here's another one
for you gurus then. Let's say I start with a 1 Gig capture file. I see a
lot of extraneous chit-chat which I want to completely eradicate and then
look at the rest of the streams left. I was thinking more of an option of
choose a display filter, and then an option to sort of "discard" the
results of the filter and focus on the rest of the capture/conversations.
An example could be using a display filter to filter out the
broadcast/arp/multicast traffic, and then analyze the leftover data. Again,
this can be accomplished by saving the resulting 'noise-free' capture, and
then re-opening it to further dissect it, but is there another way to do
this?

Many thanks for the responses so far!

Regards,
Basti

You can apply a display filter, for example, "arp", then choose,
"Edit -> Ignore All Displayed Packets (toggle)".  This doesn't discard
them, per se, but those packets will no longer match any future display
filters you might apply, as Wireshark will now ignore them as if they were
no longer present.

Ref:
http://www.wireshark.org/docs/wsug_html_chunked/ChWorkIgnorePacketSection.html


Thank you. I got the opportunity to look at another packet capture utility
a couple of days ago. The gentleman showed me some tricks around that
(Omni-peek to be precise) and this is the feature that caught my eye
instantly. When choosing x number of packets, and selecting "Select related
to" or some such option, it presented with these four options:

- Hide selected packets
- Hide unselected packets
- Copy selected packets to another window
- Close

What can we do to get the third option in wireshark?

Thanks,
Basti Ji
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users