 | 1 | initial version |
If you're looking for a Wireshark display filter that only displays frames between your pings, you can do this using frame numbers. For example, suppose your 1st ping occurs at frame number 1000 and your 2nd ping occurs at frame number 2000, then you could use this:
(frame.number > 1000) && (frame.number < 2000)
You can also use timestamps to accomplish the same thing. For example:
(frame.time > "Apr 5, 2018 10:00:00") && (frame.time < "Apr 5, 2018 12:00:00")
TIP: So you don't have to manually type the entire filter, expand the frame details for the 1st ping packet and then right-click on the frame number or frame arrival time (or frame epoch time) and choose, "Prepare a Filter -> Selected". Do the same for the 2nd ping packet except right-click but choose, "Prepare a Filter -> ... and Selected" instead. After that, just change the equality == operators to > and <, respectively.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.