
it asks to choose a filter

The Wireshark main screen says "...using this filter", with the box for the filter saying "Enter a capture filter: ...".

The capture options dialog (Capture > Options) says "Capture filter for selected interfaces:", with the box for the filter again saying "Enter a capture filter: ...".

The key word here is "enter", not "choose". It's not as if Wireshark offers a limited set of filters from which you must choose one. It allows you to type in an arbitrary capture filter...

...including an empty filter, i.e. don't type anything in.

If you've already typed in filters and done captures with them, they will be remembered by Wireshark, and it will let you choose one of them from a drop-down menu. If you haven't, there won't be any from which to choose.

The capture filter controls which packets that arrive on the interfaces on which Wireshark is capturing will be seen by Wireshark; all the packets that match the filter expression will be seen by Wireshark, and the others will be discarded.

If the filter is empty, all packets will be seen.

The pcap-filter man page describes the syntax of capture filters and what packets a filter matches. For example "host www.google.com" matches all packets sent to or from www.google.com.
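The behaviour described in the answer above (matching packets are seen, the rest are discarded, and an empty filter lets everything through), shown as an added example that is not part of the original answer and is not Wireshark or libpcap code. It implements only a small subset of capture-filter syntax, `host <IPv4 address>`, and every frame and address in it is constructed sample data from the documentation address ranges.

```python
import socket
import struct

def frame(src, dst, payload=b""):
    """Build a constructed Ethernet + IPv4 frame (checksum left at 0; sample data only)."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload

def addresses(pkt):
    """Return (src, dst) of an IPv4-over-Ethernet frame, or None for anything else."""
    if len(pkt) < 34 or struct.unpack("!H", pkt[12:14])[0] != 0x0800:
        return None
    return socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])

def matches(capture_filter, pkt):
    """Subset of capture-filter semantics: empty filter, or 'host <IPv4 address>'.
    The real 'host' primitive also covers ARP/RARP, IPv6 and host names; omitted here."""
    expr = capture_filter.strip()
    if not expr:
        return True  # empty filter: every packet is seen
    keyword, _, addr = expr.partition(" ")
    if keyword != "host" or not addr.strip():
        raise ValueError("this sketch only understands 'host <IPv4 address>'")
    target = socket.inet_ntoa(socket.inet_aton(addr.strip()))  # validate and normalise
    addrs = addresses(pkt)
    return addrs is not None and target in addrs  # sent to OR from the host

def capture(capture_filter, arriving):
    """Keep the packets that match; the others are discarded and never seen."""
    return [p for p in arriving if matches(capture_filter, p)]

# Constructed traffic arriving on the interface: three IPv4 frames and one ARP frame.
ARRIVING = [
    frame("192.0.2.10", "198.51.100.7"),
    frame("198.51.100.7", "192.0.2.10"),
    frame("192.0.2.10", "203.0.113.5"),
    b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", 0x0806) + bytes(28),
]

if __name__ == "__main__":
    for f in ("", "host 198.51.100.7"):
        print(repr(f), "->", len(capture(f, ARRIVING)), "of", len(ARRIVING), "packets seen")
```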