Wireshark mailing list archives

Re: Launching a new window from Display filters

From: Abhik Sarkar <sarkar.abhik () gmail com>
Date: Thu, 4 Oct 2012 02:42:25 +0400

If you already have a display filter applied and want to add more filters
on to the results to narrow down the results, you could use one of the
latter options from the "Apply as Filter" sub-menu from the Packet Details
context menu.

For example, in the attached screenshots, the display filter "tcp.stream eq
0" was already applied. I then chose to apply another filter onto that to
narrow down the results further.

HTH
Abhik.

On Tue, Oct 2, 2012 at 6:24 PM, FS <bastiji () gmail com> wrote:

Folks - My sincere thanks for a wonderful product which has saved the day
for me many times. There's one thing I haven't been able to do so far and I
thought asking the knowledgeable folks here might be a good idea. I did try
googling without any luck.

The workflow of using wireshark, for me at least, is to open a capture,
focus in on a conversation and then try and use further filters to get the
information I'm looking for. Is there a way to launch a separate Wireshark
window instance with the results of the display filter, so within the new
window I can use further display filters to get the data I want. Currently
if the display filter doesn't show what I want, then I have to clear the
filter completely and re-type (or paste depending on circumstance) the
filters again and start afresh.

I know I can save the displayed packets as a separate capture, and then
open it up, but hoping there is another better way to do it.

Any help appreciated!

Thanks,
Basti Ji

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

Attachment: Display filter.pdf
Description:

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Launching a new window from Display filters FS (Oct 02)
- Re: Launching a new window from Display filters Jaap Keuter (Oct 02)
- Re: Launching a new window from Display filters Abhik Sarkar (Oct 03)
  - Re: Launching a new window from Display filters FS (Oct 09)
    - Re: Launching a new window from Display filters Christopher Maynard (Oct 10)
    - Re: Launching a new window from Display filters FS (Oct 20)
    - Re: Launching a new window from Display filters FS (Oct 20)
    - Re: Launching a new window from Display filters Christopher Maynard (Oct 22)
    - Re: Launching a new window from Display filters FS (Oct 22)