Wireshark-users: Re: [Wireshark-users] Active filter

Здравствуйте, sean.


Вы писали 8 сентября 2009 г., 23:01:52:


>

I suppose you mean Display filter.  Display filters work online(while capture is going on) and offline. Its syntax is different from capture filters. What does WIKI say about the syntax?



On Tue, Sep 8, 2009 at 2:51 PM, Christopher Wooley <[email protected]> wrote:


figured it out. I searched through the expressions list, until I found it. Does the WIKI need to be updated?





From: Christopher Wooley [mailto:[email protected]]

To: [email protected]

Sent: Tue, 08 Sep 2009 13:44:24 -0500

Subject: [Wireshark-users] Active filter



I am trying to filter an active capture for port 3250, but when I use "tcp port 3250" in the filter I get "port was unexpected in this context" What's the correct way to do this?



___________________________________________________________________________

Sent via:    Wireshark-users mailing list <[email protected]>

Archives:    http://www.wireshark.org/lists/wireshark-users

Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

            mailto:[email protected]?subject=unsubscribe



I need to filter *.cap file so I am using something like

>tshark -r H:\GRE.cap -T fields "-e frame.number -e ppp -e mp -e ppp" -e frame.number -e ppp -e mp -e ppp


-- 

С уважением,

 Savina                          mailto:[email protected]