Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Why is default filter 'not tcp port 3389' ?

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Tue, 29 Aug 2006 01:57:36 +0200
Jaap Keuter wrote:
Hi,

There's a nice commentblock in util.c that explains this:

/* Try to figure out if we're remotely connected, e.g. via ssh or
   Terminal Server, and create a capture filter that matches aspects of the
   connection.  We match the following environment variables:

   SSH_CONNECTION (ssh): <remote IP> <remote port> <local IP> <local port>
   SSH_CLIENT (ssh): <remote IP> <remote port> <local port>
   REMOTEHOST (tcsh, others?): <remote name>
   DISPLAY (x11): [remote name]:<display num>
   CLIENTNAME (terminal server): <remote name>
 */
I've added a related section to the user's guide in SVN 19063.

What's still unclear to me:
- When will the filter be applied? (when the options dialog opens?)
- Will it be added each time to the filter field when the dialog is opened?
- How is it combined with an already existing filter?

Hoping to get some answers from the experts (without having to look deeply into the code) ...

Regards, ULFL