6.5. The “Filter Expression” dialog box

Figure 6.7. The “Filter Expression” dialog box

Field Name

Select a protocol field from the protocol field tree. Every protocol with filterable fields is listed at the top level. (You can search for a particular protocol entry by entering the first few letters of the protocol name). By expanding a protocol name you can get a list of the field names available for filtering for that protocol.

Relation

Select a relation from the list of available relation. The is present is a unary relation which is true if the selected field is present in a packet. All other listed relations are binary relations which require additional data (e.g. a Value to match) to complete.

Value

You may enter an appropriate value in the Value text box. The Value will also indicate the type of value for the field name you have selected (like character string).

Predefined values

Some of the protocol fields have predefined values available, much like enum’s in C. If the selected protocol field has such values defined, you can choose one of them here.

Range

A range of integers or a group of ranges, such as 1-12 or 39-42,98-2000.

OK

When you have built a satisfactory expression click OK and a filter string will be built for you.

Cancel

You can leave the “Add Expression…” dialog box without any effect by clicking the Cancel button.