 | 1 | initial version |
linux: grep your_string your_file_name | wc -l , but what does this have to do with Wireshark?
| | 2 | No.2 Revision |
linux: Edit according to the comment below:grep your_string your_file_name | wc -l ,
sorry, I was confused by keywords "string" and "line" which normally refer to text processing.
In Wireshark itself you cannot filter packets by contents of the Info column. You have to use the display filter field - it may seem complex first but what does it is actually not, and filtering this have to do with Wireshark?
To avoid misleading you: you can use the display filter to search for strings in raw packet data or in dissected protocol fields, but not in the Info column as doing so would rarely be useful.
So for your example, you would use display filter expressions like tcp.analysis.retransmission (hint: start typing tcp. and Wireshark will suggest you possible completions).
Once you compose your filter and the display filter field colour is green, press the --> button to the end of the display filter field. The list of packets will shrink to those matching that filter expression.
In the status line at the right bottom of the Wireshark window you'll see a summary: Packets: X, Displayed: Y. "Displayed" means "matching the display filter expression".
| | 3 | No.3 Revision |
Edit according to the comment below:
sorry, I was confused by keywords "string" and "line" which normally refer to text processing.
In Wireshark itself you cannot filter packets by contents of the Info column. You have to use the display filter field - it may seem complex first but it is actually not, and filtering this way is much more powerful than text search on the summary information.
To avoid misleading you: you can use the display filter to search for strings in raw packet data or in dissected protocol fields, but not in the Info column as doing so would rarely be useful.
So for your example, you would use display filter expressions like tcp.analysis.retransmission (hint: start typing tcp. and Wireshark will suggest you possible completions).
Once you compose your filter and the display filter field colour is green, press the --> button to the end of right from the display filter field. The list of packets will shrink to those matching that filter expression.
In the status line at the right bottom of the Wireshark window you'll see a summary: Packets: X, Displayed: Y. "Displayed" means "matching the display filter expression".
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
