Hello,
Below is an exmpale. The whole string works great until I add the "and no IGMP" when I do that the rest of the statement returns, meaning its not filtered.
not arp and not dns and not ip.addr==
10.5.50.62 and not ip.addr==
10.5.50.255 and no IGMP
On Thu, Jun 19, 2008 at 9:23 PM, Mark <
mark4246@xxxxxxxxx> wrote:
> Hello,
>
> What is the main difference between 'and' and 'or'? I am trying to filter
> out many different things like one particular IP addr, a certain protocol
> such as DNS and NBNS and ARP etc. It seems like when I add multiple entries
> into a filter some appear again and I am sure its due to the 'and' or the
> 'or' usage.
>
> Thanks,
>
> Mark
Hello. The question you ask is difficult to answer in a way that will
help you without some examples.
'and' means that both values have to be true and 'or' means at least
one of the values has to be true
true and true = true
true and false = false
false and true = false
false and false = false
true or true = true
true or false = true
false or true = true
false or false = false
Can you mock up some examples based on your experience of what you
*are* getting and what you *want* to get?
-Jason
