Ethereal

Re: [Ethereal-users] Filtering
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: June 2004

 

David Bremer wrote:
> BUT - if you already have a capture and want to eliminate your own IP
> then check out the display filter - try "ip.addr != 10.100.0.124"

Instead of using:
ip.addr != 10.100.0.124

you should probably use:
!(ip.addr == 10.100.0.24)

as described in Richard Urwins mail:
http://www.ethereal.com/lists/ethereal-users/200406/msg00013.html

or maybe the following one if you want to exclude also the packets that are not ip-packets:

ip and !(ip.addr == 10.10.0.24)

Similar applies for other fields that may appear more than once in a frame.
For example to find tcp packets where neither tcp source port nor tcp destination port is 80 then you could use the
following filter:

tcp and !(tcp.port == 80)

or you could use :
tcp.srcport != 80 and tcp.dstport != 80

the filter:
tcp.port != 80
will only exclude tcp packets sent from source port 80 to destination port 80

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.