 | 1 | initial version |
As noted in the user guide, there are two types of filters; capture filters that limit the traffic that is captured and display filters that limit the traffic that is displayed from a capture.
While a capture filter can be useful to limit the traffic under investigation, when troubleshooting certain issues the capture filter can drop packets that may be essential, e.g. icmp, so at first don't set a capture filter. The capture filter syntax is detailed here](http://www.tcpdump.org/manpages/pcap-filter.7.html), some examples can be found here and in general a port filter is port <port number>.
Display filter syntax is detailed here and some examples can be found here and a port filter for tcp is tcp.port == <port number> and for udp is udp.port == <port number>.
| | 2 | No.2 Revision |
As noted in the user guide, there are two types of filters; capture filters that limit the traffic that is captured and display filters that limit the traffic that is displayed from a capture.
While a capture filter can be useful to limit the traffic under investigation, when troubleshooting certain issues the capture filter can drop packets that may be essential, e.g. icmp, so at first don't set a capture filter. The capture filter syntax is detailed here](http://www.tcpdump.org/manpages/pcap-filter.7.html), here, some examples can be found here and in general a port filter is port <port number>.
Display filter syntax is detailed here and some examples can be found here and a port filter for tcp is tcp.port == <port number> and for udp is udp.port == <port number>.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
