
Figure 6.7, Filtering on the TCP protocol shows an example of what happens when you type tcp in the display filter toolbar. I answered question 5 correctly so I think I'm on the right track and I've done all the other Wireshark labs with similar filters and haven't had any problems with percentages. How do you filter a Wireshark capture To only display packets containing a particular protocol, type the protocol name in the display filter toolbar of the Wireshark window and press enter to apply the filter. I've tried other variations too, total packets 10594 and displayed is 86 so i've tried. I used the filter (http.request or = 1 or tcp.flags eq 0x0002) and !(tcp.port eq 25)Ĩ% is displayed in the bottom right but it won't accept my answer. What percentage of results are then displayed in the capture? Now take the filter used in the previous question, and add an OR expression which filters by (.tcp flags equal to 0x0002) and a further expression which filters by packets NOT from (tcp port 25). I've tried other variations too, total packets 10594 and displayed is 37 so i've tried. I used the filter (http.request or = 1) stated in the question itself and 3% is displayed in the bottom right but it won't accept my answer.


From the PCAP provided, apply a filter to display all web traffic (http.request or = 1). I cannot get the answer to questions 3 or 5 and I don't know what I'm doing wrong.ģ.
