Can I set default *Find Packet...* settings?

asked 2019-08-19 13:52:13 +0000

JimRhodes

It is extremely annoying that I have to select items from three different drop lists every time I want to search for something in the captured data. I use the same settings 99% of the time but Wireshark does not remember them.

answered 2019-09-13 11:46:17 +0000

Stig

The find packet settings will be stored in the upcoming version 3.2 release.

answered 2019-08-20 01:04:39 +0000

Hi War Machine,

I like Find Packet too because of the way it allows you to jump from one matching packet to the next.

I find that using buttons is a good way of having my most used filters easily accessible.

For everyone's benefit, here's how to create a simple button.

Apply your (most used) display filter to make sure it works as expected.

Click on the PLUS SIGN ( + ) on the right-hand side of the display filter and enter a short name and description.


Hope this helps.



What if you're not searching based on a display filter? The Edit -> Find Packet (Ctrl+F) feature allows searching for display filters, hex values, strings and regular expressions, and it allows you to focus that search in the packet list, packet details, or packet bytes. For string searches, you can further search based on the type of data, either "Narrow & Wide", Narrow (UTF-8/ASCII), or Wide (UTF-16). You can't create a button for all of these types of searches, and you certainly can't save these searches either, which is what the question was about.

cmaynard ( 2019-08-20 14:50:56 +0000 )

I didn't read the question the same way you did. I can see your point. Honestly, I was just trying to help.

Spooky ( 2019-08-20 20:53:38 +0000 )

No worries; we're all here to try to help and my comment wasn't intended to dismiss your answer outright, but just point out that there are other use cases you may not have considered. Maybe your suggestion helped @JimRhodes for some search scenarios, in which case, it may very well be a sufficient enough answer for his purposes. I was looking at it from a more general search point of view though.

cmaynard ( 2019-08-20 20:59:52 +0000 )

answered 2019-08-19 14:09:25 +0000

cmaynard

Enhancement requests can be opened on the Wireshark Bugzilla site.


