Defining and saving filters creates shortcuts for complex display filters in Wireshark. Pre-defined filters appear in the capture and display filter bookmark menus, so we can define a filter once, give it a name, and reuse it later. This saves the time of recalling and retyping commonly used, complex display filters every time we need them.
Defining/Saving Filters:
To define and save a capture filter, follow the steps below:
- Start Wireshark, then either select the network interface we want to analyze or open a previously saved capture file.
- In Wireshark, click the Capture → Capture Filters menu or toolbar item.
This will bring up Wireshark’s “Capture Filters” dialogue box.
Display filters can be created or edited by:
- Clicking the Analyze → Display Filters menu or toolbar item.
- This will bring up Wireshark’s “Display Filters” dialogue box.
The two dialogue boxes look and behave alike. The “+” option adds a new filter to the list, and we can give the filter a name to identify it. While we type a filter in the filter expression field, a green background indicates that the expression is valid. The “-” option deletes the selected filter. The OK option saves the filter settings and closes the dialogue box.