Wireshark-users: Re: [Wireshark-users] Active filter

From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Wed, 9 Sep 2009 10:38:14 -0400

> "Those who give freedom for a little security deserve neither."
> ~Benjamin Franklin
>
Indeed

On Tue, Sep 8, 2009 at 4:29 PM, Christopher
Wooley<christopher@xxxxxxxxxxxxxxxxxxxx> wrote:
> Under further information for "filtering while capturing":
> http://wiki.wireshark.org/CaptureFilters
> it gives the example in the docs page:
> http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
> tcp port 23 and host 10.0.0.5
> if you type in tcp port 23, it gives the error, but if you use tcp.port==23,
> it doesn't
> the correct syntax would have been tcp.port==23 and ip.src==10.0.0.5
>
> Christopher Wooley
> Systems Engineer
> Asset Inventory Services
> Overdrive Advanced Computers
>
> "Question with boldness."
> ~Thomas Jefferson
>
> "Those who give freedom for a little security deserve neither."
> ~Benjamin Franklin
>
> ________________________________
> From: sean bzd [mailto:seanbzd@xxxxxxxxx]
> To: Community support list for Wireshark
> [mailto:wireshark-users@xxxxxxxxxxxxx]
> Sent: Tue, 08 Sep 2009 14:01:52 -0500
> Subject: Re: [Wireshark-users] Active filter
>
> I suppose you mean Display filter.  Display filters work online(while
> capture is going on) and offline. Its syntax is different from capture
> filters. What does WIKI say about the syntax?
>
> On Tue, Sep 8, 2009 at 2:51 PM, Christopher Wooley
> <support@xxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> figured it out. I searched through the expressions list, until I found it.
>> Does the WIKI need to be updated?
>>
>> [SNIP]