Wireshark · Ethereal-users: Re: [Ethereal-users] display filters, how do I say OR? and how do I see only the initial connections

Ethereal-users: Re: [Ethereal-users] display filters, how do I say OR? and how do I see only the

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>

Date: Fri, 11 Aug 2006 11:22:52 +0200 (CEST)

-------------------
The Ethereal project is being continued at a new site.  Please go to
http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------



> 1)
> how do I say OR ?
> AND is &&
>
> for example, I want to say
> tcp.dstport != 3389 "OR" tcp.srcport != 3389

How about ||

> 2)
> how do I see only the initial connections? and just incoming or just
> outgoing?

What are initial connections? On what protocol?

> is there an  easier way than this? (i'm not even sure if this is right)
>
> my ip is 192.168.0.2
>
> for incoming-
> tcp.flags.syn == 1 && tcp.flags.ack==0 && ip.src != 192.168.0.2
>
> for outgoing-
> tcp.flags.syn == 1 && tcp.flags.ack==0 && ip.src == 192.168.0.2

For TCP this looks alright to me, other protocol require their own filter.

> thanks

You're welcome,
Jaap



_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

References:
- [Ethereal-users] display filters, how do I say OR? and how do I see only the initial connections?
  - From: james hanley

Prev by Date: Re: [Ethereal-users] display filters, how do I say OR? and how do I see only the initial connections?
Next by Date: [Ethereal-users] Quick packet marking questions
Previous by thread: Re: [Ethereal-users] display filters, how do I say OR? and how do I see only the initial connections?
Next by thread: [Ethereal-users] Quick packet marking questions
Index(es):
- Date
- Thread