The display filter (which is much more powerful and complex) will permit to search exactly the data we want. If we change our mind, we can always change the filters set to select other set of packages (but remember that we can't this way select packages rejected by first type of filters - the capture filters). Simply speaking, display filters narrow packet set from what has been recorded to what interests us now. They can be modified while data is captured.
Display filters: Used to search inside the captured logs. The capture filter is used as a first large filter to limit the size of captured data to avoid generating a log too big. Simply speaking, capture filters select the data to be saved and irrevocably throws other away. There is no method to get information filtered out by this filters. They are defined before starting the capture. Capture filters: Used to select the data to record in the logs. This is the place and time when filter are handy - they will help us to target, in the prolific logs, the data we are looking for. Too much information hides the important information. Remember to keep things simple and do no more than you have. 
When we launch Wireshark in reach network environment we will be flooded with information unless settings are different then default.
Status bar Just a status bar with some statistic and general information. With this only ascii strings are visible and human readable. Packet Disscestion (Packet bytes pane) The dissector panel also called packet bytes pane, displays the same information as those provided on the packet details pane but in the raw form as the hexadecimal number without interpretation other than ascii codes. Every bit of packet is explained so there is no need of doing this manually. The information is displayed per OSI layer and can be expanded and collapsed. Packet details pane The packet details pane gives in depth information about a packet selected in the packet list pane. 
Packet list pane The packet list pane displays all the captured packets after applying to them display filters. Both filters are described in the following part of this tutorial. Please note that display filter and capture filter are different things. 
Display filter The display filter is used to search inside the captured logs. Toolbar Below the menu there are shortcuts icons. Lua can be used to write dissectors, post-dissectors and taps. Lua options allow us to work with the Lua interpreter optionally build into Wireshark. Here we can find some auxilary tools, for example Lua.
0 kommentar(er)
