Lab 23 is not displaying as expected in the bookmark filters menu. Could it be because there is a difference with the new version of Wireshark?

asked 2020-09-29 01:03:49 +0000

mark.witbeck gravatar image

The dfilters_sample.txt when added to my personal dfilters in Wireshark the Lab shows that it should look like a multi-line output. I do not get that. I get a single line with the entire filter as one filter with no separation. Even the filter bar is red. I am not sure if this is because of the newer version of Wireshark compared to when the file was created. If something changed. I have tried a few things but I am not sure what I am missing. This is not hard to copy and paste. I am using the Wireshark Version 3.2.7 (v3.2.7-0-gfb6522d84a3a).


edit retag flag offensive close merge delete


What operating system are you working on and what program is being used to edit dfilters?

Chuckc gravatar imageChuckc ( 2020-09-29 01:42:49 +0000 )edit

I am on Windows 10. I have used both the program Notepad and Wordpad to try and edit the files.

mark.witbeck gravatar imagemark.witbeck ( 2020-09-29 03:35:04 +0000 )edit

I think it's a bug but haven't figured out when it came in or how.
The file formats are a mix of CR/LF and once Wireshark saves it out an extra CR gets added.

Do you have the option of editing with vi (vim) or Notepad++?
In vi, delete the extra ^M at the end of the lines.
In Notepad++, use Edit->EOL Conversion->Windows (CR LF) to fix the lines missing a LF.

Chuckc gravatar imageChuckc ( 2020-09-29 05:47:42 +0000 )edit

Where is this dfilters_sample.txt file?

cmaynard gravatar imagecmaynard ( 2020-09-29 13:59:13 +0000 )edit
Chuckc gravatar imageChuckc ( 2020-09-29 14:15:06 +0000 )edit