
Newbie question: Unable to use Wireshark filter syntax.

asked 2019-07-25 10:52:01 +0000

Johi

Hello, the wireshark-filter.html clearly explains: ip.dst == is a valid filter. However, if I put this filter in the "wireshark capture interfaces" dialog box in the line "Capture filter for selected interfaces", the background stays red. If I use the basic "UDP" statement in this filter dialog box, it works.

Any idea why the filter syntax does not seem to work in the dialog box? (The NIC is connected to a network where the router is, so I do not expect a problem from this side.) Thanks in advance, Johi.


2 Answers


answered 2019-07-25 16:27:30 +0000

millerlw

That is a display filter. If you want a capture filter, use one of these host dst host


answered 2019-07-25 11:09:12 +0000

grahamb

updated 2019-07-25 14:02:44 +0000

cmaynard

Wireshark has two filter syntaxes: one for capture filters, also known as BPF filters, and one for display filters.

More information can be found in the User Guide, 4.13. Filtering while capturing and 6.3. Filtering Packets While Viewing.

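The difference between the two syntaxes described in the answers, as an added example that is not part of the original thread: a small translator from simple display filters to capture-filter (BPF) syntax, covering a few more fields than the single `ip.dst` case. The function names are hypothetical and the 192.0.2.x addresses are constructed sample values.

```python
import ipaddress
import re

# Display-filter field -> capture-filter (pcap-filter/BPF) primitive.
FIELDS = {
    "ip.addr": "host", "ip.src": "src host", "ip.dst": "dst host",
    "tcp.port": "tcp port", "tcp.srcport": "tcp src port",
    "tcp.dstport": "tcp dst port", "udp.port": "udp port",
    "udp.srcport": "udp src port", "udp.dstport": "udp dst port",
}
# Bare protocol names: display-filter name -> capture-filter name.
PROTOCOLS = {"ip": "ip", "ipv6": "ip6", "arp": "arp",
             "tcp": "tcp", "udp": "udp", "icmp": "icmp"}
JOINERS = {"&&": "and", "and": "and", "||": "or", "or": "or"}
COMPARISON = re.compile(r"^([a-z0-9_.]+)\s*(?:==|eq)\s*(\S+)$")


def _check_value(field, value):
    """Raise ValueError unless value is an IPv4 address or a port number."""
    if field.startswith("ip."):
        ipaddress.IPv4Address(value)
    elif not 0 <= int(value) <= 65535:
        raise ValueError(f"port out of range: {value}")


def display_to_capture(display_filter):
    """Translate a simple display filter into capture-filter syntax.

    Raises ValueError for anything outside the supported subset, such as
    fields that only exist after dissection (http.*, dns.*).
    """
    parts = re.split(r"\s+(&&|\|\||and|or)\s+", display_filter.strip().lower())
    joiners = {JOINERS[p] for p in parts[1::2]}
    if len(joiners) > 1:
        # Precedence of mixed and/or may differ between the two syntaxes.
        raise ValueError("mixed and/or is not handled; split the filter")
    out = []
    for i, part in enumerate(parts):
        match = COMPARISON.match(part)
        if i % 2 == 1:                      # odd slots hold the joiner
            out.append(JOINERS[part])
        elif match and match.group(1) in FIELDS:
            _check_value(match.group(1), match.group(2))
            out.append(f"{FIELDS[match.group(1)]} {match.group(2)}")
        elif part in PROTOCOLS:
            out.append(PROTOCOLS[part])
        else:
            raise ValueError(f"no capture-filter equivalent for {part!r}")
    return " ".join(out)
```

A bare protocol name such as `udp` is spelled the same in both syntaxes, which is why it was accepted in the capture dialog while the `ip.dst ==` comparison was not.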
