Wireshark: Difference between Capture filters and Display Filters

Wireshark is a network traffic analyzer used to capture and inspect network traffic. For more information, refer to the Basic Tutorial on Wireshark.

Capture filters: This type of filter is set before you start capturing traffic in Wireshark, and it cannot be changed while the capture is running. It is generally used to capture only a specific type of traffic.

Example:

Capture only traffic to or from IP address 172.18.5.4:

host 172.18.5.4

Capture traffic to or from a range of IP addresses:

net 192.168.0.0/24

Display Filters: This type of filter reduces the packets shown in Wireshark. It can be changed while traffic is being captured. It is generally used to hide unrelated traffic so that you can analyze a specific type of traffic.

Example:

Show only SMTP (TCP port 25) and ICMP traffic:

tcp.port eq 25 or icmp

Display only traffic to or from IP address 192.168.0.87:

ip.addr == 192.168.0.87
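
The following added example (not part of the original article) models the difference in Python rather than calling Wireshark: a capture filter decides what gets stored, while display filters only change the view of what was stored. The Packet class, the function names and the sample traffic are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # hypothetical, simplified packet record
    src: str
    dst: str
    proto: str                     # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0

def capture_host(addr):            # capture filter: host <addr>
    return lambda p: addr in (p.src, p.dst)

def capture_net(cidr):             # capture filter: net <cidr>
    net = ipaddress.ip_network(cidr)
    return lambda p: any(ipaddress.ip_address(a) in net for a in (p.src, p.dst))

def display_ip_addr(addr):         # display filter: ip.addr == <addr>
    return lambda p: addr in (p.src, p.dst)

def display_smtp_or_icmp():        # display filter: tcp.port eq 25 or icmp
    return lambda p: (p.proto == "tcp" and 25 in (p.sport, p.dport)) or p.proto == "icmp"

def capture(wire, capture_filter):
    """Store only matching packets; everything else is never recorded."""
    return [p for p in wire if capture_filter(p)]

def display(stored, display_filter):
    """Return a view of the stored packets; the stored list is unchanged."""
    return [p for p in stored if display_filter(p)]

# Constructed sample traffic (addresses from the article plus test ranges).
WIRE = [
    Packet("172.18.5.4", "192.168.0.87", "tcp", 40000, 25),
    Packet("192.168.0.87", "172.18.5.4", "icmp"),
    Packet("192.168.0.10", "192.168.0.87", "tcp", 40001, 25),
    Packet("192.168.0.10", "203.0.113.5", "udp", 5353, 53),
    Packet("172.18.5.4", "10.0.0.1", "tcp", 40002, 443),
]

def demo():
    stored = capture(WIRE, capture_host("172.18.5.4"))
    smtp_icmp = display(stored, display_smtp_or_icmp())
    peer = display(stored, display_ip_addr("192.168.0.87"))
    lost = [p for p in WIRE if p not in stored]   # no display filter can show these
    return stored, smtp_icmp, peer, lost

if __name__ == "__main__":
    for name, pkts in zip(("stored", "smtp/icmp view", "peer view", "lost"), demo()):
        print(f"{name}: {len(pkts)} packet(s)")
```

For incident response work, the practical consequence is that a capture filter that is too narrow discards evidence permanently, whereas a display filter can always be loosened later.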
