3.10. The “Analyze” Menu

The Wireshark Analyze menu contains the fields shown in Table 3.8, “Analyze menu items”.

Figure 3.8. The “Analyze” Menu

ws analyze menu

Table 3.8. Analyze menu items

Menu ItemAcceleratorDescription

Display Filters…​

 

Displays a dialog box that allows you to create and edit display filters. You can name filters, and you can save them for future use. See Section 6.6, “Defining And Saving Filters”.

Display Filter Macros…​

 

Shows a dialog box that allows you to create and edit display filter macros. You can name filter macros, and you can save them for future use. See Section 6.7, “Defining And Saving Filter Macros”.

Apply as Column

Shift+Ctrl+I

Adds the selected protocol item in the packet details pane as a column to the packet list.

Apply as Filter

 

Change the current display filter and apply it immediately. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane.

Prepare as Filter

 

Change the current display filter but won’t apply it. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane.

Conversation Filter

 

Apply a conversation filter for various protocols.

Enabled Protocols…​

Shift+Ctrl+E

Enable or disable various protocol dissectors. See Section 11.4.1, “The “Enabled Protocols” dialog box”.

Decode As…​

 

Decode certain packets as a particular protocol. See Section 11.4.2, “User Specified Decodes”.

FollowTCP Stream

 

Open a window that displays all the TCP segments captured that are on the same TCP connection as a selected packet. See Section 7.2, “Following Protocol Streams”.

FollowUDP Stream

 

Same functionality as “Follow TCP Stream” but for UDP “streams”.

FollowTLS Stream

 

Same functionality as “Follow TCP Stream” but for TLS or SSL streams. See the wiki page on TLS for instructions on providing TLS keys.

FollowHTTP Stream

 

Same functionality as “Follow TCP Stream” but for HTTP streams.

Expert Info

 

Open a window showing expert information found in the capture. Some protocol dissectors add packet detail items for notable or unusual behavior, such as invalid checksums or retransmissions. Those items are shown here. See Section 7.4, “Expert Information” for more information.

The amount of information will vary depend on the protocol