Hello David,
the point of my question was:
What is the difference between 'not arp and port not 53' and 'not arp and not port 53'??
Maybe is possible to reduce the problem to: what is the difference between 'not port xxx' and 'port not xxx' ?
Both the syntaxes are accepted but I was wondering if there is a difference in the end result if the 'not' clause is before or after the 'port' one.
Thanks in advance & Regards,
Marco - StockTrader
On 6 Nov 2011, at 01:54, David Alanis wrote:
> Quoting David Alanis <canito@xxxxxxxx>:
>
>> Quoting Marco Zuppone <msz@xxxxxx>:
>>
>>> Hello,
>>>
>>> I have a question about capture filters.
>>> I noticed that the basic capture filter predefined in Wireshark to do not capture arp and DNS requests is defined in this way:
>>> not arp and port not 53
>>>
>>> What is the difference with: not arp and not port 53?
>>>
>>> Thanks in advance
>>> Marco - StockTrader
>>> ___________________________________________________________________________
>>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>
>>
>
> Sorry, I think I jumped the gun on my previous e-mail. I know that 'not arp' will filter out the address resolution protocol. 'not port 53' will simply discard communication over port 53.
>
> Is there something more specific that I am not understanding about these two capture filters?
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
