Wireshark · Ethereal-dev: [Ethereal-dev] Filter expressions for exclusion

Ethereal-dev: [Ethereal-dev] Filter expressions for exclusion

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Waters <chris.waters@xxxxxxxxxxxxxxxxxxxx>

Date: Fri, 27 Dec 2002 22:21:13 -0800

Hi,

It seems to me that one aspect of Ethereal filtering is non-intuitive, and
also unnecessary. Consider the following filter:

tcp.port != 10

At first glance it appears that the purpose of the filter is to exclude all
packets where the TCP port is 10. However this expression will also exclude
all non-TCP packets, which was probably not the intent of the person that
wrote the filter.

In any filter referring to a field 'protocol.field' it appears that their is
an implicit 'and protocol' added to the expression. This is very confusing.
Is it necessary, or desirable?

Regards,

Chris.

chris.waters@xxxxxxxxxxxxxxxxxxxx
www.networkchemistry.com

Prev by Date: Re: [Ethereal-dev] TZSP Patch
Next by Date: Re: [Ethereal-dev] Handling of TVBs
Previous by thread: RE: [Ethereal-dev] parsing the whole dir using ethereal for the error checking of p ackets
Next by thread: Re: [Ethereal-dev] Filter expressions for exclusion
Index(es):
- Date
- Thread