Protocol Filter Settings


 

The Protocol Type Filter Settings page inside the Settings dialog:

The Protocol Groups tree contains a subset of protocol entries from the protocols list on the right. It organizes protocols in a hierarchical structure and lets you check or uncheck them in groups. To check or uncheck items, click the icon on the left of an entry, or select an item and press the spacebar on the keyboard. You can also use the context menu to check and uncheck groups. The context menu opens when you right-click an item. It also offers commands to create new groups and to delete protocol entries and groups.

If you right-click in an empty part of the tree view, the context menu will offer commands to create new top-level groups and to check or uncheck all items of the tree view.

You can drag selected protocol entries from the protocols list into the tree view. If you drop them below the current tree, a new group containing the dropped protocols will be created. If you drop the entries into an existing group, they will be added to this group. Holding the Ctrl key on the keyboard while dropping the entries will force the creation of a new subgroup containing the dropped protocol entries.

You can edit the name of a selected group by clicking it or by pressing F2 or Insert on the keyboard. To finish editing, click outside the edit box or press Enter on the keyboard. Press Esc on the keyboard to cancel editing.

The group icon shows, as a kind of pie chart, how many items in the group and all of its subgroups are selected.

The Protocols list contains all protocols and packet types which can be used for filtering. The protocols are added to this list either internally, by decoder DLLs, or with configuration files for specific decoders.

The list contains two additional columns that display an internal decoder name or the name of a decoder DLL and the corresponding version date for some of the protocol entries. Protocol entries with an associated decoder will display more information in the Decode View.

You can sort the list in ascending or descending order by clicking once or twice on the list header.

To find a specific protocol entry, scroll the list or select any item and type the first letters of the protocol name you are looking for. You can check or uncheck one or multiple selected entries to enable or disable these protocols in the protocol filter. If you want to check or uncheck some protocols frequently, it will be more convenient to add them to the group tree (see above).

The Check all and Uncheck all buttons are used to check or uncheck all protocol entries at once.

Note: If you uncheck all protocols, you must afterwards enable the complete protocol stack used by the packets you want to pass through the filter (e.g. usually you won't see any packet as long as Ethernet is disabled). Note that some protocols are further divided into sub-protocols, which must all be enabled. Example: To see DNS packets, you need to check Ethernet, Ethernet II, IP, IPv4, UDP and DNS.

The foreground color button (FG) is used to change the text color of the protocol name in the Packet List View.

The background color button (BG) is used to change the background color of packet information text in the Packet List View. The background color is inherited by protocols that are contained or transported in a 'colored' protocol. If you assign a background color to the IP protocol, all packets using IP (including TCP, UDP, HTTP, etc.) will be displayed using this background color, as long as no other color is assigned to one of the upper protocols.

Note: This is used in the default configuration to highlight TCP connection management packets: TCP Synch (connect) packets have a green background, TCP Reset packets use yellow and TCP Final packets are displayed with a light red background. As these colors are inherited, this works for HTTP, POP3, and any other protocol using TCP.
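
The two rules described in the notes above (a packet passes only when every entry of its protocol stack is checked, and the background color comes from the uppermost protocol that has one assigned) can be modelled in a few lines. This is an added illustration, not code from the product: the function names, the stack lists and the color values are assumptions made for the example; only the protocol names come from this page.

```python
# Illustrative model only: hypothetical functions and constructed data,
# not the analyzer's API. Protocol names are the ones used on this page.

# Constructed sample stacks, lowest layer first.
DNS_STACK = ["Ethernet", "Ethernet II", "IP", "IPv4", "UDP", "DNS"]
HTTP_STACK = ["Ethernet", "Ethernet II", "IP", "IPv4", "TCP", "HTTP"]


def missing_protocols(stack, checked):
    """Return the stack entries that are still unchecked, in stack order."""
    return [proto for proto in stack if proto not in checked]


def passes_filter(stack, checked):
    """A packet passes only if every protocol in its stack is checked."""
    return not missing_protocols(stack, checked)


def background_color(stack, colors):
    """Return the color of the uppermost protocol that has one assigned.

    A color set on a lower protocol is inherited by everything carried in
    it, unless a protocol higher in the stack has its own color.
    """
    for proto in reversed(stack):
        if proto in colors:
            return colors[proto]
    return None  # no color assigned anywhere in the stack


if __name__ == "__main__":
    # After "Uncheck all", checking only UDP and DNS is not enough.
    checked = {"UDP", "DNS"}
    print("DNS visible:", passes_filter(DNS_STACK, checked))
    print("still to check:", missing_protocols(DNS_STACK, checked))

    # Constructed color assignments: IP colors everything above it ...
    print(background_color(HTTP_STACK, {"IP": "blue"}))
    # ... until an upper protocol gets a color of its own.
    print(background_color(HTTP_STACK, {"IP": "blue", "TCP": "green"}))
```

When an expected packet type does not show up in a capture, the list returned by `missing_protocols` corresponds to the entries that still need a check mark in the Protocols list.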