You can easily find packets once you have captured some packets or have read in a previously saved capture file. Simply select the Find Packet... menu item from the Edit menu. Wireshark will pop up the dialog box shown in Figure 6.8, “The "Find Packet" dialog box”.
You might first select the kind of thing to search for:
Display filter
Simply enter a display filter string into the Filter: field, select a direction, and click on OK.
For example, to find the three way handshake for a connection from host 192.168.0.1, use the following filter string:
ip.addr==192.168.0.1 and tcp.flags.syn==1
For more details on display filters, see Section 6.3, “Filtering packets while viewing”.
Hex Value
Search for a specific byte sequence in the packet data.
For example, use "00:00" to find the next packet including two null bytes in the packet data.
String
Find a string in the packet data, with various options.
The value to be found will be syntax checked while you type it in. If the syntax check of your value succeeds, the background of the entry field will turn green; if it fails, it will turn red.
You can choose the direction to be searched for:
Up
Search upwards in the packet list (decreasing packet numbers).
Down
Search downwards in the packet list (increasing packet numbers).
"Find Next" will continue searching with the same options as in the last "Find Packet" run.
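The following Python sketch is an added example, not Wireshark code. It mimics a display-filter search (host address plus SYN flag) and a Hex Value search, in both directions, over a small constructed capture. The names make_packet, syn_filter, hex_filter, find_packet and CAPTURE, and all addresses and ports other than 192.168.0.1, are assumptions made for illustration.

```python
import socket
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10  # TCP flag bits

def make_packet(src, dst, flags, payload=b""):
    """Build a constructed IPv4+TCP packet (no link layer, checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def syn_filter(host):
    """Predicate: host is source or destination, and the TCP SYN bit is set."""
    addr = socket.inet_aton(host)
    def match(pkt):
        ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
        is_tcp = pkt[9] == 6               # IPv4 protocol field
        return is_tcp and addr in (pkt[12:16], pkt[16:20]) and bool(pkt[ihl + 13] & SYN)
    return match

def hex_filter(value):
    """Predicate for a Hex Value search written like "00:00"."""
    needle = bytes.fromhex(value.replace(":", ""))
    return lambda pkt: needle in pkt

def find_packet(packets, current, predicate, direction="down"):
    """Return the 1-based number of the next match after `current`, or None."""
    step = 1 if direction == "down" else -1  # down: increasing packet numbers
    n = current + step
    while 1 <= n <= len(packets):
        if predicate(packets[n - 1]):
            return n
        n += step
    return None

# Constructed capture: a handshake, one data packet, and an unrelated SYN.
CAPTURE = [
    make_packet("192.168.0.1", "10.0.0.5", SYN),
    make_packet("10.0.0.5", "192.168.0.1", SYN | ACK),
    make_packet("192.168.0.1", "10.0.0.5", ACK),
    make_packet("192.168.0.1", "10.0.0.5", ACK | PSH, b"GET / HTTP/1.1\r\n"),
    make_packet("172.16.0.9", "10.0.0.5", SYN),
]
```

Searching down from the start finds packets 1 and 2 (the SYN and the SYN/ACK); the final ACK of the handshake carries no SYN flag, so a search on the SYN flag does not stop on it.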