Chapter 3. Using Display Filters
In this chapter you will learn the following:
- Configuring display filters
- Configuring Ethernet, ARP, host, and network filters
- Configuring TCP/UDP filters
- Configuring specific protocol filters
- Configuring substring operator filters
- Configuring macros
Introduction
In this chapter we will learn how to work with display filters. Display filters are applied after the data has been captured (whether or not a capture filter was used), when we wish to display only part of the captured data.
Display filters can be used to locate various types of data:
- Parameters such as the IP address, TCP or UDP port numbers, URLs, and server names
- Conditions such as "packet length shorter than..." and the TCP port range
- Phenomena such as TCP retransmissions, duplicate and other types of ACKs, various protocol error codes, and the presence of flags
- Various application parameters such as Short Message Service (SMS) source and destination numbers and Server Message Block...