Hi, Hopefully not to dumb a question. But really want to get into Wireshark and therefore I am going through various capture files I have been able to find on Wireshark.org and via Google searches, and I find these very good as part of the learning process, BUT, I don't seem to be able to find what capture filter the originator has used on the file. Looking in the properties doesn't really help, and a good deal of the time, the title used to save the file is not giving much away. I just want to be able to load up the capture files, see the traffic and find out what filter was used to capture those particular traffic elements in the first place. Could anyone advise please ..... Sorry if its a stupid question. Thanks asked 03 Jun '16, 08:28  d95gas |
One Answer:
The capture filter used (if any) during collection of frames in the capture files is a local matter, that is, it is not stored or recorded in the capture file itself. Only the newly developed pcap-ng capture file format allows storing of the applied capture filter, in the Interface Description Block, so this type of capture files could contain this information. Currently it is not so usual to find them. I'm not even aware if Wireshark sets this. Actually a good question. answered 03 Jun '16, 09:25  Jaap ♦ |
Many thanks Jaap ..... So glad it wasn't such a dumb question :-)
Just means learning is a little harder, but not the end of the world....... Just make me work harder for my money so to speak.
Thanks again
To help others spot usefully answered Questions, please Accept an Answer which you find useful by clicking the checkmark icon next to it. No one else can do it on your behalf - anyone else can vote but not Accept.
And your post has been converted to a comment, as it wasn't an Answer to your Question. See site FAQ for details.