Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Fwd: Re: [Ethereal-dev] Filter expressions for exclusion]

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "John McDermott" <jjm@xxxxxxxxxx>
Date: Tue, 31 Dec 2002 16:31:13 -0700

Guy Harris wrote:

[ In reference to tcp.port != 80 ]

What you asked for was packets whose TCP port had a value other than 80.

Non-TCP packets have no TCP port, so they obviously don't have a TCP
port with a value other than 80.


OK.  So this got me to thinking.  How do I write "I want to see all packets
except HTTP packets". The answer is '!tcp.port == 80'. Perhaps this is less intuitive than 'tcp.port != 80', but I see Guy's point (even though it seems counterintuitive per my earlier messages).
Since it is "easy" to implement what Andrew Esh wants (correct me if I'm wrong, but isn't it really a simple expression for this task?) without changing the semantics of the filter language, perhaps it is best not to change. I'd still like to see 'tcp.port != 80' be the same as '!tcp.port == 80'. For some reason these seem the same to me. To me it is like 'a != b' being the same as '!(a==b)'.
On a side note, I tried '!tcp.port == 80' expecting it to fail-- parsing it as '(!tcp.port) == 80' perhaps we should note somewhere the precedence of operators. 

--john

--
John McDermott
Writer, Educator, Consultant
jjm@xxxxxxxxxx		http://www.jkintl.com
V +1 505/377-6293 F +1 505/377-6313
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube