Re: [Ethereal-users] Filtering

["David Bremer" <DAVEB@xxxxxxxxxxxxxx>]

Yeah - I saw that post (but admittedly forgot about it) and at the time
didn't feel confident enough to query. I still don't really as I haven't
gone near the source.

BUT by the argument in that link then you should be able to get a
result from something like
(ip.addr != 10.100.0.124) && ((ip.src == 10.100.0.124) || (ip.dst ==
10.100.0.124))

and ...

oh bugger - there ARE results

and for 
(!(ip.addr != 10.100.0.124)) && ((ip.src == 10.100.0.124) || (ip.dst ==
10.100.0.124))
There are no results

so my assumption of ip.addr is obviously not right, somewhere there's
an OR going on with ip.addr looking at the src/dest rather than an AND.
Using the dialog box to assemble the query leads down the wrong path for
this.

Ethereal is obviously broken because it gives me what I asked for and
not what I wanted



(yes I was kidding)

Thanks for pointing this out

Dave


>>> martin.regner@xxxxxxxxx 4/06/04 09:52:25 >>>
David Bremer wrote:
> BUT - if you already have a capture and want to eliminate your own
IP
> then check out the display filter - try "ip.addr != 10.100.0.124"

Instead of using:
ip.addr != 10.100.0.124

you should probably use:
!(ip.addr == 10.100.0.24)

as described in Richard Urwins mail:
http://www.ethereal.com/lists/ethereal-users/200406/msg00013.html 

or maybe the following one if you want to exclude also the packets that
are not ip-packets:

ip and !(ip.addr == 10.10.0.24)

Similar applies for other fields that may appear more than once in a
frame.
For example to find tcp packets where neither tcp source port nor tcp
destination port is 80 then you could use the
following filter:

tcp and !(tcp.port == 80)

or you could use :
tcp.srcport != 80 and tcp.dstport != 80

the filter:
tcp.port != 80
will only exclude tcp packets sent from source port 80 to destination
port 80



_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx 
http://www.ethereal.com/mailman/listinfo/ethereal-users