3.10. The “Analyze” Menu

The Wireshark Analyze menu contains the fields shown in Table 3.8, “Analyze menu items”.

Figure 3.8. The “Analyze” Menu

ws analyze menu

Table 3.8. Analyze menu items

Menu ItemAcceleratorDescription

Display Filters…​


Displays a dialog box that allows you to create and edit display filters. You can name filters, and you can save them for future use. See Section 6.6, “Defining And Saving Filters”.

Display Filter Macros…​


Shows a dialog box that allows you to create and edit display filter macros. You can name filter macros, and you can save them for future use. See Section 6.7, “Defining And Saving Filter Macros”.

Display Filter Expression…​


Shows a dialog box that allows you to build a display filter expression to apply. This shows possible fields and their applicable relations and values, and allows you to search by name and description. See Section 6.5, “The “Display Filter Expression” Dialog Box”.

Apply as Column


Adds the selected protocol item in the packet details pane as a column to the packet list.

Apply as Filter


Change the current display filter and apply it immediately. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane.

Prepare as Filter


Change the current display filter but won’t apply it. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane.

Conversation Filter


Apply a conversation filter for various protocols.

Enabled Protocols…​


Enable or disable various protocol dissectors. See Section 11.4.1, “The “Enabled Protocols” dialog box”.

Decode As…​


Decode certain packets as a particular protocol. See Section 11.4.2, “User Specified Decodes”.

FollowTCP Stream


Open a window that displays all the TCP segments captured that are on the same TCP connection as a selected packet. See Section 7.2, “Following Protocol Streams”.

FollowUDP Stream


Same functionality as “Follow TCP Stream” but for UDP “streams”.

FollowTLS Stream


Same functionality as “Follow TCP Stream” but for TLS or SSL streams. See the wiki page on TLS for instructions on providing TLS keys.

FollowHTTP Stream


Same functionality as “Follow TCP Stream” but for HTTP streams.

Show Packet Bytes


Open a window allowing for decoding and reformatting packet bytes. You can do actions like Base64 decode, decompress, interpret as a different character encoding, interpret bytes as an image format, and save, print, or copy to the clipboard the results. See Section 7.3, “Show Packet Bytes” for more information.

Expert Info


Open a window showing expert information found in the capture. Some protocol dissectors add packet detail items for notable or unusual behavior, such as invalid checksums or retransmissions. Those items are shown here. See Section 7.4, “Expert Information” for more information.

The amount of information will vary depend on the protocol