Wireshark | Windows

I want to search a packet capture of SMTP traffic for specific addresses/messages. Normally, I just sort the info column and browse but it would be nice if I could just run a search or filter for the specific string I'm looking for.

Is there a way to do this in Wireshark?

  • Wouldn't it be easier to search yur SMTP logs?
    – joeqwerty
    Commented Oct 19, 2010 at 23:10

2 Answers 2


Open Edit→Find Packet. Under Find select String and under Search In select Packet list.

Update: Wireshark 4.2.0 and later added _ws.col.* display filter fields. _ws.col.info lets you filter on the "Info" column. For example, _ws.col.info matches "(?i)donuts" will case-insensitively match "donuts".

  • a bit odd that the search bar is sort of this hidden option. so we just have to know that there's a filter bar and the hidden search bar
    – dtc
    Commented Jun 23, 2022 at 17:09
  • anyone knows of a way to actually filter out instead of "searching" which is helpful yes helps you to find entries in all the clutter, but a filter really should be possible. Commented Oct 11, 2023 at 17:52
  • 1
    @RicardoMendes 4.2.0 will add a _ws.col.info display filter field. It's scheduled for release in mid November 2023, but in the mean time you can use one of the 4.2.0 release candidates. Commented Oct 12, 2023 at 18:11

You can use Microsoft Network Monitor to do the trick.
Open your file in Microsoft Network Monitor.
Right-click on an item in the Description column en choose "Add 'Description' to Display Filter" from the context menu.
The Display Filter is added to the Filter Window.
Hit the Apply button on the filter toolbar.


Description == "HTTP:Request, GET / "

Microsoft Network Monitor 3.4: Search the Description Column | LoveMyTool

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .