Under further information for "filtering while capturing": http://wiki.wireshark.org/CaptureFilters it gives the example in the docs page: http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html tcp port 23 and host 10.0.0.5 if you type in tcp port 23, it gives the error, but if you use tcp.port==23, it doesn't the correct syntax would have been tcp.port==23 and ip.src=""> Christopher Wooley Systems Engineer Asset Inventory Services Overdrive Advanced Computers
"Question with boldness." ~Thomas Jefferson
"Those who give freedom for a little security deserve neither." ~Benjamin Franklin
From: sean bzd [mailto:seanbzd@xxxxxxxxx] To: Community support list for Wireshark [mailto:wireshark-users@xxxxxxxxxxxxx] Sent: Tue, 08 Sep 2009 14:01:52 -0500 Subject: Re: [Wireshark-users] Active filter
I suppose you mean Display filter. Display filters work online(while capture is going on) and offline. Its syntax is different from capture filters. What does WIKI say about the syntax?