Wireshark-users: Re: [Wireshark-users] Active filter
The wiki does refer to the capture options, but in the wiki calls to the documentation about filtering while capturing, which is the second link I have pointed out. The documentation for that is not correct.

Christopher Wooley
Systems Engineer
Asset Inventory Services
Overdrive Advanced Computers

"Question with boldness."
~Thomas Jefferson

"Those who give freedom for a little security deserve neither."
~Benjamin Franklin

From: sean bzd [mailto:[email protected]]
To: Community support list for Wireshark [mailto:[email protected]]
Sent: Wed, 09 Sep 2009 09:59:55 -0500
Subject: Re: [Wireshark-users] Active filter

I think you are confusing between "Capture Filters" and "Display filters while capturing"; these are two different things. The WIKI link you pointed correctly talks about Capture Filters and the place you are trying to enter the filter string where you are getting the error is a place to enter display filter not capture filter. The capture filter goes on the "Capture Options".

On Tue, Sep 8, 2009 at 4:29 PM, Christopher Wooley <[email protected]> wrote:
Under further information for "filtering while capturing":
http://wiki.wireshark.org/CaptureFilters
it gives the example in the docs page:
http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
tcp port 23 and host 10.0.0.5
if you type in tcp port 23, it gives the error, but if you use tcp.port==23, it doesn't
the correct syntax would have been tcp.port==23 and ip.src="">
Christopher Wooley
Systems Engineer
Asset Inventory Services
Overdrive Advanced Computers

"Question with boldness."
~Thomas Jefferson

"Those who give freedom for a little security deserve neither."
~Benjamin Franklin

From: sean bzd [mailto:[email protected]]
To: Community support list for Wireshark [mailto:[email protected]]
Sent: Tue, 08 Sep 2009 14:01:52 -0500
Subject: Re: [Wireshark-users] Active filter


I suppose you mean Display filter.  Display filters work online(while capture is going on) and offline. Its syntax is different from capture filters. What does WIKI say about the syntax?

On Tue, Sep 8, 2009 at 2:51 PM, Christopher Wooley <[email protected]> wrote:
figured it out. I searched through the expressions list, until I found it. Does the WIKI need to be updated?



From: Christopher Wooley [mailto:[email protected]]
To: [email protected]
Sent: Tue, 08 Sep 2009 13:44:24 -0500
Subject: [Wireshark-users] Active filter


I am trying to filter an active capture for port 3250, but when I use "tcp port 3250" in the filter I get "port was unexpected in this context" What's the correct way to do this?


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:[email protected]?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:[email protected]?subject=unsubscribe