Guys How do I search for a string and only displaying ALL lines containing the string (and get total number of lines to compare to another file) thanks in advance
Edit according to the comment below:
sorry, I was confused by keywords "string" and "line" which normally refer to text processing.
In Wireshark itself you cannot filter packets by contents of the Info column. You have to use the display filter field - it may seem complex first but it is actually not, and filtering this way is much more powerful than text search on the summary information.
To avoid misleading you: you can use the display filter to search for strings in raw packet data or in dissected protocol fields, but not in the Info column as doing so would rarely be useful.
So for your example, you would use display filter expressions like tcp.analysis.retransmission (hint: start typing tcp. and Wireshark will suggest you possible completions).
Once you compose your filter and the display filter field colour is green, press the --> button to the right from the display filter field. The list of packets will shrink to those matching that filter expression.
In the status line at the right bottom of the Wireshark window you'll see a summary: Packets: X, Displayed: Y. "Displayed" means "matching the display filter expression".
thanks sindy. I mean search in wireshark I need to compare 2 pcap files from 2 points in the network to see if TCP errors (dup ACK, retransmits etc) are exactly same in both files or not. So i need to:
1) filter and find the particular strings
2) know how many of those are total
let me know if you had an idea... trying to read and trying things but getting a bit delayed... thanks
Hey Sindy - thanks a lot for the explanation. it was really helpful at the moment of need! cheers
Comments