Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Fwd: Re: [Ethereal-dev] Filter expressions for exclusion]

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "John McDermott" <jjm@xxxxxxxxxx>
Date: Tue, 31 Dec 2002 16:51:39 -0700
OOPS, yes. I should have been more specific. In my example I was really meaning filtering out port 80.
This, of course, brings up another interesting point. If 'http' includes everything you mention below, this might be confusing to some (many?) users. If I use the the GUI or look in the help, I have no way of knowing that I'm asking for "any protocol using http". I would not expect (unless I knew IPP) for HTTP to match IPP. Maybe this is a documentation issue, but I regularly use Ethereal with users who are pretty new to networking and if they asked for HTTP and found IPP packets, they would probably be very confused. 

--john


Guy Harris wrote:


Actually, the answer is "!http" - there is no guarantee that HTTP traffic
appears only on port 80, and Ethereal also supports some other ports as
HTTP ports, e.g. 8080 (common alternate HTTP port), 3128 (common HTTP
proxy port), 3132 (HTTP proxy admin port, at least for proxies made by a
certain manufacturer of, well, network appliances), both TCP *and* UDP
ports 1900 (for the Simple Service Discovery Protocol, which I think is
part of Microsoft's UPnP, and that runs atop HTTP), and TCP port 631 (for
the Internet Printing Protocol, which also runs atop HTTP).




--
John McDermott
Writer, Educator, Consultant
jjm@xxxxxxxxxx		http://www.jkintl.com
V +1 505/377-6293 F +1 505/377-6313
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube