top of page
  • Writer's pictureLaura Chappell

Wireshark Tip: Make a Button for That!

Have you created buttons for Wireshark yet? Buttons enable you to apply your favorite display filters to your trace files quickly. When you create a button, it is saved in the profile in which you are working.


In the example below, we have created a set of buttons for interesting DNS, TCP, ICMP, and HTTP packets. Our DNS, TCP, and HTTP buttons are organized under headings, while the ICMP button sits directly on the main Display Filter area line.

DNS button heading

Step 1: Create a Display Filter

Buttons are based on display filters. To create a button, enter a display filter in the Display Filter area. In the example below, we have entered dns.flags.response == 0 in the Display Filter area.


Step 2: Click + to Create a Button

Now click the + to the right of the Display Filter area.

display filter and +

Step 3: Enter a Label and Comment (Optional)

A new area appears under the Display Filter area. You are prompted to enter the button label, display filter (filled out for you), and a comment (optional). In the example, I have added the label "Request" along with a short comment.

adding a button label and comment

Click OK to save your button. By default, new buttons are placed to the right of existing buttons.

our new Request button

Create a Button Under a Heading

Our button is simply labeled Request - but it is a DNS Request - we want our button to be listed under the DNS heading.


Headings are created using the following syntax: heading//buton_label.

Right click on the new button and select Edit. Change your button label to DNS//Request.

new label

Click OK.

Voila! Your button is now located under the DNS heading. When you want to see DNS requests, click the DNS heading and the Request button.

our button under a heading

In the next blog, I will share additional methods for creating and sharing buttons.


Enjoy!








Comments


bottom of page