The Wireshark Analyze menu contains the fields shown in Table 3.8, “Analyze menu items”.
Table 3.8. Analyze menu items
| Menu Item | Accelerator | Description |
|---|---|---|
Displays a dialog box that allows you to create and edit display filters. You can name filters, and you can save them for future use. See Section 6.6, “Defining And Saving Filters”. | ||
Shows a dialog box that allows you to create and edit display filter macros. You can name filter macros, and you can save them for future use. See Section 6.7, “Defining And Saving Filter Macros”. | ||
Shift+Ctrl+I | Adds the selected protocol item in the packet details pane as a column to the packet list. | |
Change the current display filter and apply it immediately. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane. | ||
Change the current display filter but won’t apply it. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane. | ||
Apply a conversation filter for various protocols. | ||
Shift+Ctrl+E | Enable or disable various protocol dissectors. See Section 11.4.1, “The “Enabled Protocols” dialog box”. | |
Decode certain packets as a particular protocol. See Section 11.4.2, “User Specified Decodes”. | ||
→ | Open a window that displays all the TCP segments captured that are on the same TCP connection as a selected packet. See Section 7.2, “Following Protocol Streams”. | |
→ | Same functionality as “Follow TCP Stream” but for UDP “streams”. | |
→ | Same functionality as “Follow TCP Stream” but for TLS or SSL streams. See the wiki page on TLS for instructions on providing TLS keys. | |
→ | Same functionality as “Follow TCP Stream” but for HTTP streams. | |
Open a window showing expert information found in the capture. Some protocol dissectors add packet detail items for notable or unusual behavior, such as invalid checksums or retransmissions. Those items are shown here. See Section 7.4, “Expert Information” for more information. The amount of information will vary depend on the protocol |