Wireshark - Configure Display Filters


Description and Tags

Flashcards covering key vocabulary and concepts related to configuring and managing display filters in Wireshark, based on the provided lab notes.


20 Terms

1

Display filters (filter expressions)

Normally applied to already captured network traffic in a packet capture file and used when the analyst does not exactly know the type of traffic to examine.

2

Filter Input box

A search box at the top of the Main Wireshark Window, labeled 'Apply a display filter', where one inserts display filter(s).

3

Filter Toolbar

The entire section containing the 'Apply a display filter' search box and related buttons.

4

Display filter button

A feature that allows users to save and reuse specific display filters, created by clicking the '+' sign in the Filter Toolbar.

5

Label (Filter Button Preference)

The box where one names a display filter button (should be descriptive).

6

Filter (Filter Button Preference)

The box where one enters the actual display filter, which turns green if the syntax is correct.

7

Comment (Filter Button Preference)

The box where one enters a note regarding the created filter button.

8

'X' button (display filter)

Used to delete the current display filter and return to the original packet capture, resetting the current display filter and clearing the edit area.

9

Bookmarks icon (blue ribbon)

Located on the very left of the filter input box, it provides a dropdown menu of predefined display filters (both capture and display) to save time.

10

'udp.dstport==53'

A display filter used to show only those packets that have '53' in the destination port field for UDP traffic.

11

'tcp.port==80'

A display filter used to display TCP packets that also contain the number '80' in either the source or destination port field.

12

Apply as Filter (filter button option)

Copies the selected display filter into the filter input box.

13

Prepare as Filter (filter button option)

Edits the filter.

14

Edit (filter button option)

Opens Filter Button Preferences so that one can edit the display filter.

15

Disable (filter button option)

Removes a display filter from display, which can be re-enabled in Preferences > Filter Buttons.

16

Remove (filter button option)

Completely deletes a display filter.

17

Analyze > Display Filters

A menu path in Wireshark used to manage display filters, allowing one to add, delete, and copy them.

18

Display Filter comparison operators

Symbols and aliases such as '==' (eq), '!=' (ne), '>' (gt), '

19

'matches' operator

A display filter comparison operator that allows a protocol or text field to match a Perl-compatible regular expression (e.g., http.host matches 'acme.(org|com|net)').

20

Applying display filters during capture

Wireshark allows display filters to be entered and applied while packets are being captured, showing only conforming traffic but still saving all captured packets.