Chapter 2. Filtering Our Way in Wireshark

This chapter will talk about different filtering options available in Wireshark, namely, capture and display filters. We will also look at how to create and use different profiles. The following are the topics we will cover in this chapter:

• An introduction to capture filters
• Why and how to use capture filters
• Lab up—capture filters
• An introduction to display filters
• Why and how to use display filters
• Lab up—display filters
• Colorizing traffic
• Creating a new Wireshark profile(s)
• Lab up—profiles

I hope you are ready to start analyzing packets using different filtering options present in Wireshark and to reuse the filters that we previously created in a user-defined profile. I will be guiding you with a technique to filter packets based on certain expressions, which we will create using different primitives that are available.

Before we go ahead and start creating awesome filters, I want to mention one more interesting tool that is used to find packets: the find utility.