When you need to locate a specific value while in the expert system, enter the value in the search box and press Enter. The following screenshot shows the results for the ssdp search:

The Expert Information console has an advanced menu function. As shown in the following screenshot, when you right-click on a value, you can select any of the menu choices listed:

Similar to the menu choices offered when you right-click on the packet details, you can select any of the following:

• Apply as Filter will select the highlighted conversation and run the filter in the main interface.
• Prepare a Filter will select the highlighted conversation and prepare the filter in the main interface. To run the filter, you must press Enter.

• Find, when selected, will place the variables in the search toolbar in the main interface, as shown in the screenshot:

• Colorize will open the coloring rules dialog box and allow you to create a custom coloring rule.
• Look Up will open a browser, do a Google search, and present the results.
• Copy will copy the selected line onto the clipboard. For example, if I right-click on packet 10915 and select Copy, Wireshark will copy the results to the clipboard. I can then paste the results, as follows:

10915 SSDP: M-SEARCH * HTTP/1.1

• Collapse All will collapse the results to a single summary line.
• Expand All will expand the results to show all the packets.

The Expert Information console can provide a great deal of insight into possible problems in a packet capture. Wireshark presents the results in an easy-to-read format in the Expert Information console, where you can view and analyze any errors, warnings, notes, and chats.