This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

use case for (copy | as a filter )option

0

Going through Laura chappel's WCNA guide and came across copy | as filter option. Any use case for this feature is appreciated.When do we need to buffer the filter?

asked 16 May '13, 22:04

krishnayeddula's gravatar image

krishnayeddula
629354148
accept rate: 6%


One Answer:

1

I can think of many use cases, but the one I had that made me develop this functionality was this:

I was analyzing client side and server side traces of a session over an Alteon loadbalancer. When matching a session on the client side to the session on the server side, I had to use the tcp sequence number. So what I did was prepare a filter on the sequence number, and then copied it from the filter box to put it in the search filter of the other wireshark session. Having "Copy as filter" made it a lot easier :-)

answered 17 May '13, 00:00

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Thats why I use it too, it helps searching with the find dialog when you dont want to replace the display filter.

(17 May '13, 01:40) Jasper ♦♦