Re: Wireshark Filters

sapplegate · 02-05-2008

The current stable version of Wireshark (1.6.1) has robust support for Riverbed probe decoding/filtering.

Use the display filter 'tcp.options.rvbd.probe' and the various options to use it.

I've found using Coloring Rules with various versions of this display filter extremely helpful. Personally, I prefer shades of orange.

SYN's with Rvbd probes will start with an 'S+' in the Packet List pane and SYN/ACK's with Rvbd probe responses will start with an 'SA+'.

The Packet Details pane has extensive decode details under the TCP Options area. If you're using Full Transparency you'll find this very useful in troubleshooting.

Enjoy.

Sean Applegate

Edwin Groothuis · 10-19-2008

Hello Perry,

The current development version of Wireshark, version 1.5, has support for them.

See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5459

Edwin

--
Edwin Groothuis - Riverbed Support

If this answered your question, please click "Accept as Solution" ------->

PerryLucas · 06-25-2009

First! (getting that out of the way)

Is there any chance of Riverbed publishing a stripped down version of the internal wireshark filters that support uses? I realize that some of the information is sensitive and proprietary, but being able to self diagnosis and ruleout some issues during application troubleshooting would be helpful.

--Perry