As we can see, the filters provide us with a great traceability of communications and also serves as an ideal complement to analyze a multitude of attacks. An example of this is the http.content_type filter, thanks to which we can extract different data flows that take place in an HTTP connection (text/html, application/zip, audio/mpeg, image/gif). This will be very useful for locating malware, exploits, or other types of attacks that are embedded in such a protocol:
Wireshark contemplates two types of filters, that is, capture filters and display filters:
- Capture filters are those that are set to show only packets that meet the requirements indicated in the filter
- Display filters establish a filter criterion on the captured packages, which we are visualizing in the main screen of Wireshark