How do you choose a filter under capture?    
   I have started Wireshark. Under the Capture page, it asks to choose a filter. WHat filter should I choose?
it asks to choose a filter
The Wireshark mai screen says "...using this filter", with the box for the filter saying "Enter a capture filter: ...".
The capture options dialog (Capture > Options) says "Capture filter for selected interfaces:", with the box for the filter again saying "Enter a capture filter: ...".
The key word here is "enter", not "choose". It's not as if Wireshark offers a limited set of filters from which you must choose one. It allows you to type in an arbitrary capture filter...
...including an empty filter, i.e. don't type anything in.
If you've already typed in filters and done captures with them, they will be remembered by Wireshark, and it will let you choose one of them from a drop-down menu. If you haven't, there won't be any from which to choose.
The capture filter controls which packets that arrive on the interfaces on which Wireshark is capturing will be seen by Wireshark; all the packets that match the filter expression will be seen by Wireshark, and the others will be discarded.
If the filter is empty, all packets will be seen.
The pcap-filter man pagedescribes the syntax of capture filters and what packets a filter matches. For example "host www.google.com" matches all packets sent to or from www.google.com.
You don't _have_ to filter anything, so can leave it empty. _But_ if you want to limit what frames are captured from an interface you can add a capture filter expression. See here for more details.
Asked: 2021-11-18 19:51:02 +0000
Seen: 650 times
Last updated: Nov 19 '21
I am using Win10