Wireshark-users: Re: [Wireshark-users] Missing Capture filters

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Mon, 4 Feb 2008 19:12:04 -0700

On Sat, Feb 02, 2008 at 09:22:51AM -0900, The Mathe Family wrote:

> I do not seem to have a default lits of capture filters in my capture 
> filters list.  Any suggestions?

Are you running on Windows or Unix?  The global capture filters are 
saved in /usr/local/share/wireshark/cfilters on Unix and 
%WIRESHARK%\cfilters on Windows.

The file format is the same for each platform so I have included the 
default capture filters as of 0.99.8 development version (I don't think 
they've changed in a while though) as an attachment to this e-mail so 
you can replace yours if it is missing.


Steve

"Ethernet address 00:08:15:00:08:15" ether host 00:08:15:00:08:15
"Ethernet type 0x0806 (ARP)" ether proto 0x0806
"No Broadcast and no Multicast" not broadcast and not multicast
"No ARP" not arp
"IP only" ip
"IP address 192.168.0.1" host 192.168.0.1
"IPX only" ipx
"TCP only" tcp
"UDP only" udp
"TCP or UDP port 80 (HTTP)" port 80
"HTTP TCP port (80)" tcp port http
"No ARP and no DNS" not arp and port not 53
"Non-HTTP and non-SMTP to/from www.wireshark.org" not port 80 and not port 25 and host www.wireshark.org