I wanted to find out how to filter my results so that I don't have one listing per packet and just have one listing per ip. Thanks in advance asked 14 Feb '16, 01:13  theH0MEBREWER |
One Answer:
Go have a look in the Statistics menu to get several options of overviews of the captured data. answered 14 Feb '16, 07:20  Jaap ♦ This helps but I wanted to know if there is a filter that does that in the Live Capture window. (14 Feb '16, 12:34) theH0MEBREWER 1 If we admit that watching the list of IP addresses grow live has some advantage, then nothing prevents you from doing the following:
In this table, you can sort the rows up to one column's values, by clicking the column header. I don't know what the guy on the video had in mind, but to the best of my knowledge, there is no way to change the behaviour of the packet list pane so that it would display all packets which have the same value of a given protocol field (like (15 Feb '16, 00:27) sindy Thanks Sindy. (26 Feb '16, 05:22) theH0MEBREWER |
I'm afraid you'll have to be far more specific as for the desired result. E.g. "I want to get a list of all IP addresses seen in the capture, with the number of sent and received packets for each of them" or something alike. A "listing" may be nearly anything.
I am new to wireshark so i don't really know how to ask what I want to do... this might better explain it. In this video https://youtu.be/NWsnTLPGrts?t=3m at 4:30 the he says "you can limit it to one ip per listing" but he doesn't explain how to do that. I am trying to figure that out. I also wat to be able to do that as a filter so I can just scroll through the results and not have to export anything. Thanks again.