Wireshark Display Filter protocol==TLSV1? (and PacketLength)

Posted by NealWalters on Server Fault See other posts from Server Fault or by NealWalters
Published on 2010-12-28T21:24:11Z Indexed on 2010/12/29 0:55 UTC
Read the original article Hit count: 175

Filed under:
|

What would the filter expression be to just select the protocols where the protocol = TLSV1? Something obvious like protocol == "TLSV1" or TCP.protocol == "TLSV1" is apparently not the right way.

ip.proto == "TLSV1" says "ip.proto cannot accept strings as values"

Update - additional tips:

Another great but hidden search is on PacketLength: You can add packet length to your display by clicking "Edit Preferences" (menu or icon), and adding the PacketLength as a new column, but to filter on it you have to use the more cryptic: frame.len == ### where ### is your desired number. We were using this to determine how many packets had been sent and/or received, when you filter, the status-bar at the bottom of the screen shows the number of items matching the filter.

© Server Fault or respective owner

Related posts about wireshark

Related posts about filtering