Wireshark-users: Re: [Wireshark-users] is it get packets which corresponds to http status, like h
From: Prigge Scott <PriggeScottM@xxxxxxxxxxxxx>
Date: Fri, 22 Jun 2012 09:18:40 -0500

Ø  You can try the http.response.code filter

 

A really great Wireshark feature that might go unnoticed is that the name of a filter can be determined simply by looking at the Status bar. In the Packet Details frame, select the field which has the value you are interested in - as an example, I'll use the "Trailer" field in the Ethernet II header (because I don't know what that filter name is). When you select the Trailer field in the Packet Details frame, the name of the filter shows up in parenthesis in the status bar:  "(eth.trailer)" in this case. Now that you have the filter name, you can use it in the Filter field without having to wait for the great folks on the Wireshark users list to respond :]

 

SP