How can I search the info column in Wireshark?

Question

Wireshark | Windows

I want to search a packet capture of SMTP traffic for specific addresses/messages. Normally, I just sort the info column and browse but it would be nice if I could just run a search or filter for the specific string I'm looking for.

Is there a way to do this in Wireshark?

Wouldn't it be easier to search yur SMTP logs? – joeqwerty Oct 19 '10 at 23:10 — joeqwerty, Oct 19 '10 at 23:10

score 23 · Accepted Answer · answered Oct 19 '10 at 23:07

23

Open Edit→Find Packet. Under Find select String and under Search In select Packet list.

answered Oct 19 '10 at 23:07

Gerald Combs

6,331
23
35

a bit odd that the search bar is sort of this hidden option. so we just have to know that there's a filter bar and the hidden search bar – dtc Jun 23 '22 at 17:09

score 0 · Answer 2 · 2018-03-08T09:22:47.650

You can use Microsoft Network Monitor to do the trick.
Open your file in Microsoft Network Monitor.
Right-click on an item in the Description column en choose "Add 'Description' to Display Filter" from the context menu.
The Display Filter is added to the Filter Window.
Hit the Apply button on the filter toolbar.

Examples:

Description == "HTTP:Request, GET / "
Description.contains("Request")

Microsoft Network Monitor 3.4: Search the Description Column | LoveMyTool

How can I search the info column in Wireshark?

2 Answers2