Display Filter Using "Info" Field


#1

Hello All,

I am new to the Wireshark application and I’m trying to find out if anyone knows the expression string which identifies the Info field. When I am viewing a capture for example, the following fields are visible at the top of the app:
“No. | Time | Source | Destination | Protocol | Info”

I scanned the user manual and was able to find information on how to create filter expressions using the other fields, but I couldn’t find anything regarding the Info field. If anyone is familiar with how to create this type of display filter, please let me know.


#2

Hi, did you end up finding out about this, please, as I have the exact same requirement? Thanks.


#3

Hi,

The Info field contains a concatenation of multiple pieces of information.
As far as I know, there is no expression for it.

If it is a TCP protocol, then:

  • 1st displayed number : TCP source port : tcp.srcport
  • 2nd displayed number : TCP destination port : tcp.dstport

It depends on the protocol.

Olivier
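Added example, not part of the original thread: a small Python helper that takes the text of a TCP Info column and rebuilds a display filter from the underlying fields, following the port mapping given above. It goes one step further than the reply by also mapping the bracketed flag list to the `tcp.flags.*` fields; the function name `info_to_filter` and the sample Info strings are constructed for illustration, and numeric ports (no transport name resolution) are assumed.

```python
import re

# Flag names as printed in the TCP Info column -> Wireshark display filter fields.
FLAG_FIELDS = {
    "SYN": "tcp.flags.syn",
    "ACK": "tcp.flags.ack",
    "FIN": "tcp.flags.fin",
    "RST": "tcp.flags.reset",
    "PSH": "tcp.flags.push",
    "URG": "tcp.flags.urg",
}

# "<srcport> → <dstport> [FLAGS] ..."; older releases print ">" instead of "→".
# A leading annotation such as "[TCP Retransmission]" is skipped by search().
INFO_RE = re.compile(r"(\d+)\s*(?:→|>)\s*(\d+)(?:\s*\[([A-Z, ]+)\])?")


def info_to_filter(info):
    """Translate a TCP Info string into an equivalent display filter (hypothetical helper)."""
    m = INFO_RE.search(info)
    if m is None:
        raise ValueError("not a TCP Info string with numeric ports: %r" % info)
    src, dst, flags = m.groups()
    for port in (src, dst):
        if not 0 <= int(port) <= 65535:
            raise ValueError("port out of range: %s" % port)

    # 1st displayed number is the source port, 2nd is the destination port.
    terms = ["tcp.srcport == %d" % int(src), "tcp.dstport == %d" % int(dst)]

    if flags is not None:
        shown = {f.strip() for f in flags.split(",")}
        # Pin each of the six classic flags to set or clear; other names are ignored.
        for name, field in FLAG_FIELDS.items():
            terms.append("%s == %d" % (field, 1 if name in shown else 0))
    return " && ".join(terms)


if __name__ == "__main__":
    # Constructed sample Info strings.
    for sample in (
        "51234 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460",
        "[TCP Retransmission] 443 → 51234 [PSH, ACK] Seq=1 Ack=1 Len=517",
    ):
        print(info_to_filter(sample))
```

The printed expression can be pasted into the display filter bar.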