Ask Your Question

Revision history [back]

There is no further explanation of filter fields in Wireshark except the info in the source code attached to the creation of each filter field.

This info is available in the fields definition, and in the status bar if you click on a field in the packet details pane.

Each protocol will have the definitions of the fields in some sort of RFC or specification document (which may not be freely available) and the dissector developer will then name the filter fields as they see fit.

So, to find out the meaning of the filter fields, you need to go to the source definition of the protocol and hopefully the filter field names will tie up with the information there.