Use display and capture filters in Wireshark to find the network information you want and screen out what you don't
If you're trying to pinpoint a network problem or understand how a particular network operation works, the amount of extraneous traffic on the network can be overwhelming and prevent you from accomplishing your goal. Filters are the way to manage this huge amount of information. Capture filters limit the number of packets that Wireshark receives from the operating system, while display filters limit the packets that are shown in Wireshark's main window, letting you concentrate on the problem at hand. In this chapter download from Wireshark & Ethereal Network Protocol Analyzer Toolkit, learn how to write display filters and capture filters in Wireshark, arguably the best open-source network analyzer now available.
Title: Wireshark & Ethereal Network Protocol Analyzer Toolkit
Author: Angela Orebaugh, Gilbert Ramirez, Jay Beale
Publisher: Syngress Publishing
Chapter 5: Filters
ISBN: 1597490733; Copyright 2006, Syngress Publishing. All rights reserved.
Used with permission from the publisher. Available from booksellers or direct from Syngress Publishing.