Newbie question: Unable to use Wireshark filter syntax.

2019-07-25

Johi

Hello, the wireshark-filter.html clearly explains: ip.dst == is a valid filter. However, if I put this filter in the "wireshark capture interfaces" dialog box in the line "Capture filter for selected interfaces", the background stays red. If I use the basic "UDP" statement in this filter dialog box, it works.

Any idea why the filter syntax does not seem to work in the dialog box? (The NIC is connected to a network where the router is, so I do not expect a problem from this side.) Thanks in advance, Johi.

2 Answers

2019-07-25

millerlw

That is a display filter. If you want a capture filter, use one of these host dst host

2019-07-25

grahamb

updated 2019-07-25 14:02:44 +0000


Wireshark has two filter syntaxes: one for capture filters, also known as BPF filters, and one for display filters.

More information can be found in the User Guide, 4.13. Filtering while capturing and 6.3. Filtering Packets While Viewing.
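To illustrate the two answers above, here is an added example (not part of the original thread and not Wireshark code): a small Python translator that rewrites a few common display-filter terms as capture-filter (BPF) expressions. The field table, the function names and the sample address 192.0.2.10 are assumptions made for the example.

```python
import ipaddress
import re

# Display-filter field -> capture-filter (BPF) primitive; a small, common subset.
FIELD_TO_BPF = {
    "ip.addr": "host", "ip.src": "src host", "ip.dst": "dst host",
    "tcp.port": "tcp port", "tcp.srcport": "tcp src port",
    "tcp.dstport": "tcp dst port", "udp.port": "udp port",
    "udp.srcport": "udp src port", "udp.dstport": "udp dst port",
}
# Bare protocol names that both syntaxes accept (why "UDP" worked for the asker).
PROTOCOLS = {"ip", "arp", "tcp", "udp", "icmp"}
LOGIC = {"&&": "and", "and": "and", "||": "or", "or": "or"}
TERM = re.compile(r"^([a-z0-9_.]+)\s*(==|eq)\s*(\S+)$")


def convert_term(term):
    """Translate one display-filter term, or raise ValueError."""
    term = term.strip()
    if term.lower() in PROTOCOLS:
        return term.lower()
    m = TERM.match(term)
    if not m or m.group(1) not in FIELD_TO_BPF:
        raise ValueError(f"no capture-filter equivalent known for: {term!r}")
    field, _, value = m.groups()
    if field.startswith("ip."):
        ipaddress.IPv4Address(value)  # raises ValueError on a malformed address
    elif not (value.isdigit() and int(value) <= 65535):
        raise ValueError(f"bad port: {value!r}")
    # Note: a plain BPF "host" primitive also matches ARP/RARP for that address.
    return f"{FIELD_TO_BPF[field]} {value}"


def to_capture_filter(display_filter):
    """Translate terms joined by &&/|| (or and/or) into BPF syntax."""
    parts = re.split(r"\s+(&&|\|\||and|or)\s+", display_filter.strip())
    ops = {LOGIC[p] for p in parts[1::2]}
    if len(ops) > 1:
        # BPF gives "and"/"or" equal precedence, so refuse rather than guess.
        raise ValueError("mixed and/or needs explicit grouping; translate by hand")
    return " ".join(LOGIC[p] if i % 2 else convert_term(p)
                    for i, p in enumerate(parts))


if __name__ == "__main__":
    # Constructed sample inputs (192.0.2.10 is a documentation address).
    for f in ("ip.dst == 192.0.2.10", "ip.addr == 192.0.2.10 && udp.port == 53"):
        print(f"{f!r:45} -> {to_capture_filter(f)!r}")
```

The output string is what goes in the "Capture filter for selected interfaces" box (or after `-f` on the command line); the original display-filter form belongs in the display filter toolbar after capturing.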

Asked: 2019-07-25 10:52:01 +0000

