Observer Analyzer : Observer Analyzer : Filtering : Post-filtering your packet captures
Post-filtering your packet captures
By filtering your packet captures, you can extract and examine only network packets that meet certain criteria. You can introduce such a filter either before (pre-filter) or after (post-filter) you perform a packet capture.
This section describes post-filters only; these filters affect what you see in a loaded capture file. If you have an existing capture file and would like to pre-filter it instead, see Pre-filtering your packet captures.
To apply a post-filter, complete the following steps:
1. Click the File tab, and click Options > Fallback Instance.
2. Choose the probe instance with the settings you want to use to decode the buffer file. For more details about why this is important, see Opening files from unknown locations.
3. Click the File tab, and click Open > Local Packet Captures > PreFilter and Analyze.
4. Navigate to the capture file you want to load, and select it.
5. Click Open. The Pre-Filtering window appears.
6. Enable the filters you want to apply to the capture file.
If you do not see any pre-installed filters worth using, create your own. The maximum number of elements a filter expression may have is 256.
7. Click OK. The capture file loads into Observer and you arrive at the Decode tab.
 
The Decode tab, of the Decode and Analysis window, displays each captured packet stored in the file matching the filter criteria. See Using the Decode pane for more details.