Wireshark · Wireshark-dev: Re: [Wireshark-dev] ip.addr != 10.0.0.1

Wireshark-dev: Re: [Wireshark-dev] ip.addr != 10.0.0.1

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>

Date: Sun, 27 Jan 2008 21:23:40 +0100

Stig Bjørlykke wrote:

Hi.

We often get questions why the filter "ip.addr != 10.0.0.1" does not
work as expected.

Is it a good idea to make some sort of special handling for filters
like "ip.addr", "tcp.port" and "udp.port" to expand to the commonly
expected behavior?

Hi,

I'm very much opposed to it. Boolean logic can be a somewhat tricky, butwhen you master the math it becomes a powerful tool. Wireshark is apowetool. Therefor we have to educate the users, by teaching them how touse it. The Wiki is a good place, and can always be improved upon, so itcan be the primary reference to the subject.


Thanx,
Jaap

Follow-Ups:
- Re: [Wireshark-dev] ip.addr != 10.0.0.1
  - From: Guy Harris
- Re: [Wireshark-dev] ip.addr != 10.0.0.1
  - From: Ulf Lamping
- Re: [Wireshark-dev] ip.addr != 10.0.0.1
  - From: Sake Blok

References:
- [Wireshark-dev] ip.addr != 10.0.0.1
  - From: Stig Bjørlykke

Prev by Date: Re: [Wireshark-dev] ip.addr != 10.0.0.1
Next by Date: Re: [Wireshark-dev] ip.addr != 10.0.0.1
Previous by thread: Re: [Wireshark-dev] ip.addr != 10.0.0.1
Next by thread: Re: [Wireshark-dev] ip.addr != 10.0.0.1
Index(es):
- Date
- Thread