How do I filter packets containing string in Wireshark?
I am trying to identify the data packets containing the string "GPRS".
I do not see anything under Src/Dst IP/Port. Is there any way to do this?
Is it possible in Wireshark? Or is it possible through a command line? Or should I use some 3rd-party tool for this?

As far as I can see you are looking for something on the protocol level, so yes, it's possible, but if you have only a single protocol in the capture - not a multicast/multicast-over-a-point-to-point set - then you can just search for the text. But you can also have a look at the 'Extended Descriptions' column in the Filter menu of Wireshark - here you will see a list of the protocols supported by your host operating system and other protocol details.
E.g. on Windows 7 the full list looks like this (I'm searching for GPRS/UMTS): Also note that in Wireshark there is no general "Filter" for such things. A 3rd-party tool could be tcpfastfilter (it is very useful even for single protocols such as TCP/UDP). However, Wireshark is free software and there is no need for such tools - if you're using it properly as a network sniffer for analysing network traffic anyway.
What are the 2 types of filters used by Wireshark?
I am currently using Wireshark and I am wondering.
I have a basic knowledge about it. But when I searched for it on the Internet I got to know that there are both 1 type and 2 types of filters used by Wireshark.
But I am not able to find any description of them on the Internet. I have read somewhere on this website that we have to learn to use one type of filter and use them appropriately to save time. But I am not able to understand what those types of filters are. Can anyone help me? Thanks in advance.

The most popular filter types for Wireshark are:
String filters: These are the more general filters and may be the best choice for capturing all traffic you see. They allow you to select for specific content, such as IP addresses or subnet ranges, hostnames, port numbers, protocols, or much more. A common example is the ipprotocol filter.
Boolean filters: These are used to look for specific events or conditions, such as to filter for UDP traffic on a specific port. An example is the udpport filter.
For more info about what each filter does, read Wireshark Filters.

The two types of filters are the String Filter and the Boolean Filter. String Filters are used to look for specific strings within your packet capture, while the Boolean filters look for specific boolean values. I recommend reading through Wireshark Filters. That will help you to understand how to filter out specific fields in your capture.
How do I filter specific data in Wireshark?
I am trying to filter for any traffic coming out of 10.2 which appears under UDP/TCP packets in the capture and display the specific packet of interest. Is this possible? I have tried using TCP but it doesn't seem to work.
The reason is that I need to be able to easily get an accurate count of how many users are currently connected to a certain server at all times.

To answer your specific question, in Wireshark 2.1, what you are trying to do is not supported.
Wireshark needs both "the packet" as well as the information on which "header fields" of a packet are interesting. Wireshark cannot use the IP address only as a criterion.
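For the first question (finding frames that carry the text "GPRS") and the third (selecting traffic by source address and counting the hosts talking to a server), the Wireshark display-filter expressions are `frame contains "GPRS"` and `ip.src == a.b.c.d`, and the same expressions work on the command line as `tshark -r capture.pcap -Y '<filter>'`. The script below is an added example, not Wireshark's own code or anything from the posts above: it writes a small constructed pcap file from scratch, reads it back with a minimal pcap parser, and re-implements those two checks over raw frame bytes so you can see exactly what each one tests. All addresses, ports and payloads in it are made up for the example.

```python
"""Toy re-implementation of two Wireshark display-filter checks over a pcap,
to show what `frame contains "GPRS"` and `ip.src == a.b.c.d` actually test.
Added example, not Wireshark code; standard library only. The capture and
every packet in it are constructed below (hypothetical hosts and ports).

tshark equivalents for a real capture file:
    tshark -r capture.pcap -Y 'frame contains "GPRS"'
    tshark -r capture.pcap -Y 'ip.src == 10.0.0.2'
"""
import ipaddress
import struct

# Constructed addresses; 192.0.2.0/24 is TEST-NET-1, never a real host.
SERVER = "10.0.0.1"
CLIENT_A = "10.0.0.2"
CLIENT_B = "10.0.0.3"
OUTSIDE = "192.0.2.7"


def udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Build Ethernet/IPv4/UDP frame bytes. Checksums are left at zero;
    Wireshark still dissects such frames, it only flags the checksum."""
    eth = b"\x02" * 6 + b"\x02" * 5 + b"\x01" + b"\x08\x00"  # locally administered MACs
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip + udp


def build_sample_pcap():
    """Constructed classic pcap (little-endian, microsecond timestamps,
    LINKTYPE_ETHERNET) with four frames, two of which carry the text GPRS."""
    frames = [
        udp_frame(CLIENT_A, SERVER, 40001, 3386, b"attach-request GPRS"),
        udp_frame(SERVER, CLIENT_A, 3386, 40001, b"attach-accept"),
        udp_frame(CLIENT_B, SERVER, 40002, 3386, b"hello"),
        udp_frame(OUTSIDE, SERVER, 5000, 3386, b"lowercase gprs, then GPRS"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


def read_pcap(data):
    """Minimal pcap reader for the little-endian variant; returns frame bytes."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    frames, off = [], 24
    while off < len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames


def frame_contains(frame, needle):
    """`frame contains "GPRS"`: a byte-wise, case-sensitive search over the
    whole frame, headers included. A hit here never shows in the Src/Dst or
    Port columns, because those columns only decode fixed header fields."""
    return needle in frame


def ipv4_addrs(frame):
    """Return (src, dst) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return (str(ipaddress.ip_address(frame[26:30])),
            str(ipaddress.ip_address(frame[30:34])))


def frames_matching(data, predicate):
    """Apply a predicate to every frame and return the 1-based frame numbers,
    the same numbering Wireshark shows in its No. column."""
    return [n for n, f in enumerate(read_pcap(data), start=1) if predicate(f)]


def distinct_sources_to(data, server_ip):
    """`ip.dst == server_ip`, then the set of distinct ip.src values: the
    'how many hosts are talking to this server' count from the third question."""
    srcs = set()
    for f in read_pcap(data):
        addrs = ipv4_addrs(f)
        if addrs and addrs[1] == server_ip:
            srcs.add(addrs[0])
    return srcs


if __name__ == "__main__":
    cap = build_sample_pcap()
    print("frame contains GPRS:", frames_matching(cap, lambda f: frame_contains(f, b"GPRS")))
    print("ip.src == 10.0.0.2 :", frames_matching(cap, lambda f: (ipv4_addrs(f) or ("",))[0] == CLIENT_A))
    print("hosts of server    :", sorted(distinct_sources_to(cap, SERVER)))
```

Two things the run makes visible: `contains` is a raw byte match, so a payload spelling it `gprs` is not found unless you use the regex operator (`frame matches "(?i)gprs"` in Wireshark), and counting "connected users" from packets only tells you which addresses sent anything to the server in the capture window, not who holds an open session.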