Display Filter Using "Info" Field

SuperDup · August 30, 2008, 1:22am

Hello All,

I am new to the Wireshark application and I’m trying to find out if anyone knows the expression string which identifies the Info field. When I am viewing a capture for example, the following fields are visible at the top of the app:
“No. | Time | Source | Destination | Protocol | Info”

I scanned the user manual and was able to find information on how to create filter expressions using the other fields, but I couldn’t find anything regarding the Info field. If anyone is familiar with how to create this type of display filter, please let me know.

epping16 · September 17, 2009, 7:10am

Hi did you end up finding out about this plase as I have the exact same requirement, thanks.

wsgd · September 18, 2009, 8:27pm

Hi,

The info field contains a concatenation of multiple informations.
As far as I know, there is no expression for it.

If it is a TCP protocol,
then :

1st displayed number : TCP source port : tcp.srcport
2nd displayed number : TCP destination port : tcp.dstport
…

It depends of the protocol.

Olivier