Creating filters using the filter bar
The Filter Bar allows you to create a variety of advanced filters quickly and directly in capture window views and in the Capture Engine Forensic Search dialog (see Navigating a capture window and Post-capture Analysis).
The parts of the Filter Bar are described below.
• Filter button: Click to display Filter Bar menu options.
• Recent Filters: Select a recently defined filter from this list.
• Insert Filter: Select a filter from this list.
• Insert Operator: Select an operator from this list: & (And), | (Or), ! (Not), () (Group)
• Insert Expression: Select a filter type expression from this list.
• Check Syntax: Select this option for a tooltip describing the syntax of your filter. For example, a correctly defined filter will display Filter OK in the tooltip.
• Help: Select this option to display information about how to use the filter bar.
• Filter Bar text box: The filters, operators, and expressions chosen from the Filter button menu appear in this text box as you select them. The filter bar text box background changes color as you type into it to indicate whether a valid filter is entered:
• Valid filter=green
• Invalid filter=red
• Empty=white
• Apply Filter button: Click to apply your filter to the packets in the capture buffer of this capture window.