Another Purpose For Wireshark Display Filters

When using Wireshark, display filters are often used to help find the issue or reveal patterns. One trick I like to use is to save my filtered trace.

The benefits for saving a filtered trace are many. For example, the smaller trace file will be faster to open and the many Statistics reports will open quicker as well. Then there is big plus of seeing patterns of issues easier without the ‘excessive noise’ or packets.

A great follow up tip is to learn to use the command line tool tshark to filter and create new files a lot quicker.

#Wireshark #WiresharkDisplayFilters