Wireshark Display Filter protocol==TLSV1? (and PacketLength)
Posted
by
NealWalters
on Server Fault
See other posts from Server Fault
or by NealWalters
Published on 2010-12-28T21:24:11Z
Indexed on
2010/12/29
0:55 UTC
Read the original article
Hit count: 175
What would the filter expression be to just select the protocols where the protocol = TLSV1? Something obvious like protocol == "TLSV1" or TCP.protocol == "TLSV1" is apparently not the right way.
ip.proto == "TLSV1" says "ip.proto cannot accept strings as values"
Update - additional tips:
Another great but hidden search is on PacketLength: You can add packet length to your display by clicking "Edit Preferences" (menu or icon), and adding the PacketLength as a new column, but to filter on it you have to use the more cryptic: frame.len == ### where ### is your desired number. We were using this to determine how many packets had been sent and/or received, when you filter, the status-bar at the bottom of the screen shows the number of items matching the filter.
© Server Fault or respective owner