On Nov 9, 2012, at 6:12 PM, spdev31 <spdev31@xxxxxxxxx> wrote:
> I'm using Wireshark for logging USB traffic and have a signed field I'd like
> to filter on (e.g. usb.urb_status != -115). But, I cannot seem to filter
> based on a negative number without getting an error (e.g. "-115" cannot be
> found among the possible values for usb.urb_status).
"I cannot seem to filter based on a negative number without getting an error" and ""-115" cannot be found among the possible values for usb.urb_status" are inequivalent statements. The former means that if you try a filter such as "usb.urb_status == -115" you get an error; the latter either means that whatever name -115 has doesn't show up in, for example, the "Expression" dialog, or nothing shows up in the dialog that explicitly says "-115".
The first of those isn't the case, as Bill Meier noted.
The first meaning of the second of those also doesn't happen to be the case, at least in the trunk - EINPROGRESS is 115, and -EINPROGRESS does, in fact, show up in that list. If it doesn't show up in your version of Wireshark, you probably have an older release - EINPROGRESS was there since at least August 2008.
The second meaning of the second of those is the case, but that's because the lists in, for example, the "Expression" dialog don't list numeric values for the names, regardless of whether they're positive or negative or just unsigned - the values aren't relevant if you're looking for something by name and, if you're looking for something by value, you can just type the value - nothing *requires* that you specify a name rather than a numerical value in a filter expression, or even that you specify a value that corresponds to a name.
