Try this Wireshark display filter

Wireshark’s features can really be a catch 22. In one way they are very powerful but on another hand, many of them are difficult to find. But you do find a gem of a tip or5 trick, packet analysis gets a lot easier.

In this article I want to share a different kind of display filter that you may not be familiar with. I’m sure you have used MAC, IP address, TCP, UDP and maybe even some application layer display filters. I find that sometimes I need to display just a few packets that might not have MAC, IP, TCP or UDP port numbers in common.

As you will see in the video, one way to address this challenge is to simply Mark the packets and then apply a display filter for just marked packets. The other way is to use the following display filter syntax frame.number in {frame numbers} this will simply display any frame number you provide in the curly braces.

That’s it folks, quick and simple and have a Happy New Year