We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-users: Re: [Wireshark-users] how to filter a port?

From: Guy Harris <[email protected]>
Date: Mon, 26 Feb 2007 02:37:18 -0800
David Drexler wrote:
It's either to or from 'http'.  I also tried

tcp.port != 80

same results. I want to run the capture realtime and only see the traffic that interests me.
Then you'll need to find out what ports the traffic is going to or 
coming from - capture filters only work at that level.
The Wireshark HTTP dissector checks for traffic to or from the following 
	80, 1900, 3128, 3132, 8080, 8088, 11371

If you filter all of them out, with, for example:

	not port 80 and not port 1900 and not port 3128 and ...

that should exclude traffic that Wireshark classifies as HTTP.