https://www.wireshark.org/docs/wsug_html/#ChWorkFindPacketSection 6.8.1. The “Find Packet” Toolbar
On Sat, Mar 20, 2021 at 4:17 PM Richard Sharpe <realrichardsha...@gmail.com> wrote:
> Hi folks,
>
> I use Wireshark a great deal in my job because I am always looking at
> captures when trying to figure out bugs in our code.
>
> I often have captures with a lot of different types of packets and
> need to find a particular set of packets of mixed type, eg SMB2
> followed by the NFS packets caused by the SMB2 request or SMB2
> followed by the Kerberos packets caused etc.
>
> What I would like to be able to do is to set up a filter string for a
> specific type of SMB2 request, say, based on source and dest IP and
> maybe type (ie, a CREATE, or whatever) and then go to the first such
> packet in the capture and then examine the subsequent packets to see
> if they satisfy my criteria. If they don't then I would like to go to the
> next packet that satisfies my filter string and examine them, and so
> on until I find what I am looking for.
>
> I will usually also have filtered already on two types of frames (or a
> few types) like SMB2 || NFS.
>
> Currently, the only way I can think to do this is to filter on SMB2,
> select the first one I am interested in, unfilter (or refilter),
> examine the packets, and if they are not what I am interested in,
> refilter on SMB2 and select the next packet, and so on. The workflow
> is quite painful.
>
> Is there a simpler way to do this?
>
> If not, could we add a button for Next packet satisfying filter?
>
> --
> Regards,
> Richard Sharpe
> (What can dispel sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine)
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org
> ?subject=unsubscribe