To filter by protocol in Wireshark, follow these steps:
-
Open Wireshark: Launch the Wireshark application and open your capture file or start capturing traffic.
-
Locate the Display Filter Bar: At the top of the Wireshark window, you will see the display filter bar with the prompt "Apply a display filter".
-
Enter the Protocol Filter:
- Type the name of the protocol you want to filter. For example:
- For HTTP traffic, type:
http - For TCP traffic, type:
tcp - For UDP traffic, type:
udp - For ICMP traffic, type:
icmp
- For HTTP traffic, type:
- Type the name of the protocol you want to filter. For example:
-
Apply the Filter: Press
Enteror click the blue arrow button next to the filter bar to apply the filter. -
View Filtered Results: The packet list will now display only the packets that match the specified protocol, allowing you to focus your analysis on that specific type of traffic.
By using these steps, you can effectively filter packets by protocol in Wireshark.
