Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Active filter

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Christopher Wooley" <christopher@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 08 Sep 2009 15:29:32 -0500
Under further information for "filtering while capturing":
http://wiki.wireshark.org/CaptureFilters
it gives the example in the docs page:
http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
tcp port 23 and host 10.0.0.5
if you type in tcp port 23, it gives the error, but if you use tcp.port==23, it doesn't
the correct syntax would have been tcp.port==23 and ip.src="">
Christopher Wooley
Systems Engineer
Asset Inventory Services
Overdrive Advanced Computers

"Question with boldness."
~Thomas Jefferson

"Those who give freedom for a little security deserve neither."
~Benjamin Franklin
From: sean bzd [mailto:seanbzd@xxxxxxxxx]
To: Community support list for Wireshark [mailto:wireshark-users@xxxxxxxxxxxxx]
Sent: Tue, 08 Sep 2009 14:01:52 -0500
Subject: Re: [Wireshark-users] Active filter

I suppose you mean Display filter.  Display filters work online(while capture is going on) and offline. Its syntax is different from capture filters. What does WIKI say about the syntax?

On Tue, Sep 8, 2009 at 2:51 PM, Christopher Wooley <support@xxxxxxxxxxxxxxxxxxxx> wrote:
figured it out. I searched through the expressions list, until I found it. Does the WIKI need to be updated?


From: Christopher Wooley [mailto:support@xxxxxxxxxxxxxxxxxxxx]
To: wireshark-users@xxxxxxxxxxxxx
Sent: Tue, 08 Sep 2009 13:44:24 -0500
Subject: [Wireshark-users] Active filter


I am trying to filter an active capture for port 3250, but when I use "tcp port 3250" in the filter I get "port was unexpected in this context" What's the correct way to do this?


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube