You can easily find packets once you have captured some packets or have read in a previously saved capture file. Simply select Edit → Find Packet… in the main menu. Wireshark will open a toolbar between the main toolbar and the packet list, shown in Figure 6.11, “The “Find Packet” toolbar”.
You can search using the following criteria:
Enter a display filter string into the text entry field and click the Find button. For example, to find the three-way handshake for a connection from host 192.168.0.1, use the following filter string:
ip.src==192.168.0.1 and tcp.flags.syn==1
The value to be found will be syntax checked while you type it in. If the syntax check of your value succeeds, the background of the entry field will turn green; if it fails, it will turn red. For more details see Section 6.3, “Filtering Packets While Viewing”.
Search for a specific byte sequence in the packet data.
For example, use “ef:bb:bf” to find the next packet that contains the UTF-8 byte order mark.
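The two searches above, reproduced over raw frame bytes as an added example (not Wireshark's own code; the function names, the peer address 10.0.0.5 and the four frames are constructed for illustration). Run on a complete handshake, it shows that only the SYN sent by 192.168.0.1 satisfies the filter: the SYN/ACK comes from the peer and the final ACK has the SYN bit clear.

```python
import socket
import struct

def build_frame(src, dst, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload

def syn_from(frame, src_ip):
    """Same test as the filter: ip.src==<src_ip> and tcp.flags.syn==1."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4 over Ethernet
        return False
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length
    if frame[23] != 6 or len(frame) < 14 + ihl + 14:      # not TCP, or truncated
        return False
    if socket.inet_ntoa(frame[26:30]) != src_ip:
        return False
    return bool(frame[14 + ihl + 13] & 0x02)              # SYN bit of the flags byte

def parse_byte_sequence(text):
    """Turn a colon-separated string such as 'ef:bb:bf' into bytes."""
    return bytes.fromhex(text.replace(":", ""))

def find_next(frames, predicate, start=0):
    """Index of the first frame at or after `start` that matches, else None."""
    for i in range(start, len(frames)):
        if predicate(frames[i]):
            return i
    return None

CLIENT, SERVER = "192.168.0.1", "10.0.0.5"   # SERVER is a constructed address
FRAMES = [
    build_frame(CLIENT, SERVER, 0x02),                      # SYN
    build_frame(SERVER, CLIENT, 0x12),                      # SYN, ACK
    build_frame(CLIENT, SERVER, 0x10),                      # ACK
    build_frame(CLIENT, SERVER, 0x18, b"\xef\xbb\xbfhi"),   # PSH, ACK with BOM
]

if __name__ == "__main__":
    print(find_next(FRAMES, lambda f: syn_from(f, CLIENT)))
    print(find_next(FRAMES, lambda f: syn_from(f, CLIENT), start=1))
    needle = parse_byte_sequence("ef:bb:bf")
    print(find_next(FRAMES, lambda f: needle in f))
```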