Wireshark-users: Re: [Wireshark-users] Active filter
From: Savina Alla <nighthaunter666@xxxxxxxxx>
Date: Wed, 9 Sep 2009 00:38:36 +0400

Здравствуйте, sean.

Вы писали 8 сентября 2009 г., 23:01:52:


I suppose you mean Display filter.  Display filters work online(while capture is going on) and offline. Its syntax is different from capture filters. What does WIKI say about the syntax?

On Tue, Sep 8, 2009 at 2:51 PM, Christopher Wooley <support@xxxxxxxxxxxxxxxxxxxx> wrote:

figured it out. I searched through the expressions list, until I found it. Does the WIKI need to be updated?

From: Christopher Wooley [mailto:support@xxxxxxxxxxxxxxxxxxxx]

To: wireshark-users@xxxxxxxxxxxxx

Sent: Tue, 08 Sep 2009 13:44:24 -0500

Subject: [Wireshark-users] Active filter

I am trying to filter an active capture for port 3250, but when I use "tcp port 3250" in the filter I get "port was unexpected in this context" What's the correct way to do this?


Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>

Archives:    http://www.wireshark.org/lists/wireshark-users

Unsubscribe: https://wireshark.org/mailman/options/wireshark-users


I need to filter *.cap file so I am using something like

>tshark -r H:\GRE.cap -T fields "-e frame.number -e ppp -e mp -e ppp" -e frame.number -e ppp -e mp -e ppp


С уважением,

 Savina                          mailto:NightHaunter666@xxxxxxxxx