Searching for certain flow in Wireshark

asked 2024-12-11 11:07:59 +0000

nonomer174

Hi

I want to know if there is a way I can see a certain traffic flow of specific communication between related source & destination IPs/ports for a particular session. For example, I run Wireshark and the total capture was 1000 flows; I want to see the related flow of specific traffic (which might be 50 out of 1000 flows). This is something that shouldn't come in a display or capture filter, I believe, but I don't know how I can do this.

Thank you.


Comments

Can you define what a "flow" is? You can certainly set both capture and display filters to only show the traffic meeting your src\dst\port requirements.

grahamb ( 2024-12-11 11:33:45 +0000 )

Suppose I did 10 testing sessions, and it generates 1000 packets... I want to see the related flow of the 1st session only (maybe 30-50 packets, etc.)

nonomer174 ( 2024-12-11 12:17:39 +0000 )

Depends on the protocol. For example, you can use the display filters tcp.stream eq x or udp.stream eq x if using those protocols, where x is the stream number.

grahamb ( 2024-12-11 12:36:15 +0000 )
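
An added illustration (not part of the thread and not Wireshark's own code) of what the stream number in tcp.stream eq x refers to: a simplified model that groups packets by bidirectional 5-tuple and numbers each group per protocol in order of first appearance. The function names and the sample capture are constructed for this example, and the parser assumes a classic pcap file with Ethernet/IPv4 framing.

```python
import struct

def build_sample_pcap():
    """Constructed sample capture: Ethernet/IPv4, two TCP sessions and one UDP."""
    def pkt(src, sport, dst, dport, proto):
        l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                         0, bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
        frame = bytes(12) + b"\x08\x00" + ip + l4
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    a, b = "10.0.0.1", "10.0.0.2"
    packets = [pkt(a, 40000, b, 80, 6), pkt(b, 80, a, 40000, 6),
               pkt(a, 40001, b, 80, 6), pkt(a, 5353, b, 53, 17),
               pkt(a, 40000, b, 80, 6)]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(packets)

def flows(pcap):
    """Map each bidirectional 5-tuple to its frame numbers, in first-seen order."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off, frame_no, out = 24, 0, {}
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        data = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        frame_no += 1
        if len(data) < 34 or data[12:14] != b"\x08\x00":
            continue  # only IPv4 over Ethernet is handled here
        ihl = (data[14] & 0x0F) * 4
        proto = data[23]
        if proto not in (6, 17) or len(data) < 14 + ihl + 4:
            continue  # only TCP (6) and UDP (17) carry ports
        sport, dport = struct.unpack_from("!HH", data, 14 + ihl)
        # Sort the endpoints so both directions land in the same flow.
        key = (proto, *sorted([(data[26:30], sport), (data[30:34], dport)]))
        out.setdefault(key, []).append(frame_no)
    return out

def stream_filters(pcap):
    """Number flows per protocol, mirroring tcp.stream / udp.stream from 0."""
    counters, result = {6: 0, 17: 0}, []
    for (proto, _, _), frames in flows(pcap).items():
        name = "tcp" if proto == 6 else "udp"
        result.append((f"{name}.stream eq {counters[proto]}", frames))
        counters[proto] += 1
    return result

if __name__ == "__main__":
    for display_filter, frames in stream_filters(build_sample_pcap()):
        print(display_filter, "-> frames", frames)
```

Each printed filter string can be pasted into Wireshark's display filter bar to isolate that one session.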

I think Laura has a couple of very good videos on the subject of how to customize your views in personalized profiles. That way you can add certain fields you find interesting into the fields shown.

For example: https://www.youtube.com/watch?v=ZhpFU...

hugo.vanderkooij ( 2024-12-11 13:25:57 +0000 )