Summary

Wireshark is a powerful tool for capturing and analyzing traffic. In this chapter, we reviewed how to examine traffic more effectively by using Wireshark's built-in filtering, and we compared display filters with capture filters. We learned how to apply a display filter, which can be as simple as a single protocol name or as specific as a combination of field values. We also reviewed how to edit the display and capture filters that ship with Wireshark, how to create your own, and how to save them as filter bookmarks for easy reference.

In addition to display filters, we covered capture filters, which are applied before capture begins: only the packets that match the filter are written to the capture, and anything that does not match is never recorded, so it cannot be recovered later. To carry out a granular investigation, we discussed how to build an expression that combines specific field values with logical operators. Because there are many ways to filter traffic, we looked at shortcuts for building filters on the fly during analysis, and then evaluated the benefits of keeping a set of useful filters in your arsenal.
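To make the display-filter grammar summarised above concrete (field comparisons joined by `&&`, `||`, `!` and parentheses) and to show why a capture filter behaves differently, here is an added worked example that is not part of the book: a small Python evaluator for a subset of Wireshark display-filter syntax, run over constructed packet records. The sample frames, their field values and the `capture_filter` stand-in are assumptions for illustration only; real display filters run against fully dissected frames, and a real capture filter is written in BPF syntax (for example `tcp dst port 443`), not in display-filter syntax.

```python
"""Added example (not from the book): a small evaluator for a subset of
Wireshark display-filter syntax, applied to constructed packet records,
alongside a stand-in for a capture filter to show why the two differ."""
import operator
import re

# Constructed sample frames (assumption for illustration), one dict per
# frame, keyed by Wireshark field names.
PACKETS = [
    {"frame.number": 1, "ip.src": "10.0.0.5", "ip.dst": "93.184.216.34",
     "tcp.srcport": 51000, "tcp.dstport": 443, "tcp.flags.syn": 1},
    {"frame.number": 2, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.1",
     "udp.dstport": 53, "dns.qry.name": "example.com"},
    {"frame.number": 3, "ip.src": "10.0.0.7", "ip.dst": "10.0.0.5",
     "tcp.srcport": 40022, "tcp.dstport": 22, "tcp.flags.syn": 1},
    {"frame.number": 4, "ip.src": "10.0.0.9", "ip.dst": "10.0.0.5",
     "tcp.srcport": 52080, "tcp.dstport": 80, "tcp.flags.syn": 0},
]

# Combined fields Wireshark exposes: ip.addr matches source or destination.
ALIASES = {"ip.addr": ("ip.src", "ip.dst"),
           "tcp.port": ("tcp.srcport", "tcp.dstport")}
OPS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt,
       "<": operator.lt, ">=": operator.ge, "<=": operator.le}
# Longer operators precede their prefixes so "!=" is not read as "!" "=".
TOKEN = re.compile(r'\s*(\(|\)|&&|\|\||!=|==|>=|<=|>|<|!|"[^"]*"'
                   r'|\d+(?:\.\d+){3}|\d+|[A-Za-z_][\w.]*)')

def tokenize(expr):
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"cannot tokenize {expr[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens

def parse_value(tok):
    if tok.startswith('"'):
        return tok[1:-1]
    return int(tok) if tok.isdigit() else tok   # dotted quads stay strings

class Parser:
    """Recursive descent with precedence: "||" < "&&" < "!" < comparison."""
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self):
        tok = self.peek()
        if tok is None:
            raise ValueError("unexpected end of expression")
        self.i += 1
        return tok
    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node
    def expr(self):
        return self.binary("||", lambda: self.binary("&&", self.unary))
    def binary(self, op, operand):          # left-associative chain of `op`
        node = operand()
        while self.peek() == op:
            self.take()
            node = (op, node, operand())
        return node
    def unary(self):
        if self.peek() == "!":
            self.take()
            return ("!", self.unary())
        if self.peek() == "(":
            self.take()
            node = self.expr()
            if self.take() != ")":
                raise ValueError("expected ')'")
            return node
        field = self.take()
        if self.peek() in OPS:
            op = self.take()
            return ("cmp", field, op, parse_value(self.take()))
        return ("present", field)     # bare name: protocol or field is present

def field_values(pkt, name):
    return [pkt[k] for k in ALIASES.get(name, (name,)) if k in pkt]

def evaluate(node, pkt):
    kind = node[0]
    if kind == "||":
        return evaluate(node[1], pkt) or evaluate(node[2], pkt)
    if kind == "&&":
        return evaluate(node[1], pkt) and evaluate(node[2], pkt)
    if kind == "!":
        return not evaluate(node[1], pkt)
    if kind == "present":
        return bool(field_values(pkt, node[1])) or any(
            k.startswith(node[1] + ".") for k in pkt)
    _, field, op, value = node
    values = [v for v in field_values(pkt, field) if isinstance(v, type(value))]
    if op == "!=":
        # Wireshark 3.6 and later define "a != b" as "!(a == b)", so
        # "ip.addr != x" excludes every frame to or from x; earlier releases
        # matched when any one value differed.
        return not any(v == value for v in values)
    return any(OPS[op](v, value) for v in values)

def display_filter(packets, expr):
    """Display filter: hide non-matching frames; the capture itself is untouched."""
    tree = Parser(tokenize(expr)).parse()
    return [p["frame.number"] for p in packets if evaluate(tree, p)]

def capture_filter(stream, keep):
    """Stand-in for a BPF capture filter: frames failing `keep` are never stored."""
    return [p for p in stream if keep(p)]
```

Running `display_filter(PACKETS, "tcp.flags.syn == 1 && !(ip.addr == 10.0.0.7)")` returns `[1]`, and the same frame list can be re-filtered any number of times. By contrast, `capture_filter(PACKETS, lambda p: p.get("tcp.dstport") == 443)`, the equivalent of starting the capture with `tcp dst port 443`, keeps only frame 1, so a later display filter of `dns` over that capture finds nothing: the DNS frame was never written. That irreversibility is the reason to keep capture filters broad and do the granular work with display filters.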

In the next chapter, we will look at encapsulation in the OSI model, an essential concept to grasp in order to be effective at packet analysis. To build a solid understanding of it, we'll review the seven layers, addressing, the protocol data units and protocols at each layer, and the process of encapsulation as data is prepared for framing and transmission on the appropriate medium.
