I'm trying to build my filter in Wireshark to filter out unwanted packets. Currently filter looks like:
!(http.request.method == POST) && !(http or frame contains "aa" || http or frame contains "bb") && !(http.response.code == 404 or http.response.code == 301 or http.response.code == 302 or http.response.code == 303)
which means: "show any traffic except: packets with a HTTP POST method and packets with payload contains strings "aa" or "bb" and packets with response codes 404 or 301 or 302 or 303"
And from my standpoint this filter works correctly and many packets is filtered out and I'm able to see only the most important packets. But now I would like to use "Follow TCP stream" on remaining most important packets. When I'm trying use "Follow TCP stream" option then wireshark is looking for TCP stream from whole pcap file instead of the most important packets after filtering.
Summarizing I don't want do "Follow TCP stream" for filtered out packets, just for remaining packets after filtering.
How I can resolve this issue?