3.10.áThe "Analyze" menu

The Wireshark Analyze menu contains the fields shown in Tableá3.7, “Analyze menu items”.

Figureá3.8.áThe "Analyze" Menu

The "Analyze" Menu

Tableá3.7.áAnalyze menu items

Menu ItemAcceleratorDescription
Display Filters...á

This menu item brings up a dialog box that allows you to create and edit display filters. You can name filters, and you can save them for future use. More detail on this subject is provided in Sectioná6.6, “Defining and saving filters”

Apply as Filter > ...á

These menu items will change the current display filter and apply the changed filter immediately. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane.

Prepare a Filter > ...á

These menu items will change the current display filter but won't apply the changed filter. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane.

Firewall ACL Rulesá

This allows you to create command-line ACL rules for many different firewall products, including Cisco IOS, Linux Netfilter (iptables), OpenBSD pf and Windows Firewall (via netsh). Rules for MAC addresses, IPv4 addresses, TCP and UDP ports, and IPv4+port combinations are supported.

It is assumed that the rules will be applied to an outside interface.

------áá
Enabled Protocols...Shift+Ctrl+R

This menu item allows the user to enable/disable protocol dissectors, see Sectioná9.4.1, “The "Enabled Protocols" dialog box”

Decode As...á

This menu item allows the user to force Wireshark to decode certain packets as a particular protocol, see Sectioná9.4.2, “User Specified Decodes”

User Specified Decodes...á

This menu item allows the user to force Wireshark to decode certain packets as a particular protocol, see Sectioná9.4.3, “Show User Specified Decodes”

------áá
Follow TCP Streamá

This menu item brings up a separate window and displays all the TCP segments captured that are on the same TCP connection as a selected packet, see Sectioná7.2, “Following TCP streams”

Follow SSL Streamá

Same functionality as "Follow TCP Stream" but for SSL streams. XXX - how to provide the SSL keys?

Expert Infoá

Open a dialog showing some expert information about the captured packets in a log style display. The amount of information will depend on the protocol and varies from very detailed to none existing. This is currently a work in progress. XXX - add a new section about this and link from here

Expert Info Compositeá

Same information as in "Expert Info" but trying to group items together for faster analysis.