 | 1 | initial version |
Capture filters work on raw packets; they're executed either in the kernel (on Linux, *BSD, macOS, Solaris 11, AIX, and Windows) or in libpcap (HP-UX, Solaris 10 and earlier) before they get to Wireshark and thus before any decryption is done.
This means they do not work on the payload of 802.11 packets on a protected network; you can only filter on 802.11 MAC header fields.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
