I'm new to Wireshark and not all that familiar with network protocols in
general.
Is it possible to filter everything from a capture session but only the
things specific to that capture session?
To clarify: I want to study all of the interactions that an app has with
multiple servers and multiple ports. But, there are a lot of packets mixed
in with the capture that don't have anything to do with the app's
interactions.
What I want to do is shut down all unnecessary traffic on my system then
capture all of the traffic between my ethernet card, router, and ISP. After
the capture I want to filter everything that has been captured including all
ARP, DNS, DHCP etc. However, I don't want to make the filter too generic
and have it filter things that I want to see.
Once I have a list of all interactions I want to start another capture using
the filter, open my app, and watch the interactions between it and whatever
servers it connects to.
Is that possible? And, if so, what is the easiest way to achieve that goal?
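
The workflow described in the post above, sketched as an added example that is not part of the original post: it turns a list of flows seen in the idle baseline capture into one negated Wireshark display filter keyed on remote address, protocol and port, so that it does not hide a whole protocol. The CSV layout, the sample rows, `LOCAL_IP` and the function names are assumptions made for the illustration.

```python
import csv
import io
import ipaddress

# Constructed sample of flows seen while the app was closed:
# proto,src,src_port,dst,dst_port (documentation-range addresses).
BASELINE_CSV = """\
arp,,,,
udp,192.0.2.10,51514,192.0.2.1,53
udp,192.0.2.1,53,192.0.2.10,51514
tcp,192.0.2.10,49822,198.51.100.7,443
icmp,192.0.2.1,,192.0.2.10,
udp,192.0.2.10,123,203.0.113.5,123
"""
LOCAL_IP = "192.0.2.10"  # assumed address of the capturing host


def baseline_terms(text, local_ip):
    """Collect one exclusion key per background flow in the baseline."""
    terms = set()
    for proto, src, sport, dst, dport in csv.reader(io.StringIO(text)):
        proto = proto.strip().lower()
        if not proto.isalnum():
            raise ValueError(f"unexpected protocol name: {proto!r}")
        if not src or not dst:
            terms.add((proto, None, None))       # no IP layer, e.g. ARP
            continue
        # The remote side is whichever endpoint is not this host.
        remote, port = (dst, dport) if src == local_ip else (src, sport)
        ipaddress.ip_address(remote)             # reject malformed input
        has_port = proto in ("tcp", "udp") and port
        terms.add((proto, remote, int(port) if has_port else None))
    return terms


def build_display_filter(terms):
    """Render the keys as a single negated Wireshark display filter."""
    order = lambda t: (t[1] or "", t[0], t[2] or 0)
    parts = []
    for proto, remote, port in sorted(terms, key=order):
        if remote is None:
            parts.append(proto)                  # protocol-only term
        else:
            field = "ipv6.addr" if ":" in remote else "ip.addr"
            match = f"{proto}.port == {port}" if port is not None else proto
            parts.append(f"({field} == {remote} && {match})")
    return f"!({' || '.join(parts)})" if parts else ""


if __name__ == "__main__":
    print(build_display_filter(baseline_terms(BASELINE_CSV, LOCAL_IP)))
```

The result is display-filter syntax; capture filters use a different (BPF) syntax. Any flow the app makes to a server and port that also appeared in the baseline, such as lookups sent to the same DNS resolver, is hidden along with the background traffic.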