David Drexler wrote:
It's either to or from 'http'. I also tried
tcp.port != 80
same results. I want to run the capture realtime and only see the
traffic that interests me.
Then you'll need to find out what ports the traffic is going to or
coming from - capture filters only work at that level.
The Wireshark HTTP dissector checks for traffic to or from the following
80, 1900, 3128, 3132, 8080, 8088, 11371
If you filter all of them out, with, for example:
not port 80 and not port 1900 and not port 3128 and ...
that should exclude traffic that Wireshark classifies as HTTP.