Lab 23 is not displaying as expected in the bookmark filters menu. Could it be because there is a difference with the new version of Wireshark?
The dfilters_sample.txt when added to my personal dfilters in Wireshark the Lab shows that it should look like a multi-line output. I do not get that. I get a single line with the entire filter as one filter with no separation. Even the filter bar is red. I am not sure if this is because of the newer version of Wireshark compared to when the file was created. If something changed. I have tried a few things but I am not sure what I am missing. This is not hard to copy and paste. I am using the Wireshark Version 3.2.7 (v3.2.7-0-gfb6522d84a3a).
Thanks
What operating system are you working on and what program is being used to edit dfilters?
I am on Windows 10. I have used both the program Notepad and Wordpad to try and edit the files.
I think it's a bug but haven't figured out when it came in or how.
The file formats are a mix of CR/LF and once Wireshark saves it out an extra CR gets added.
Do you have the option of editing with vi (vim) or Notepad++?
In vi, delete the extra
^M
at the end of the lines.In Notepad++, use
Edit->EOL Conversion->Windows (CR LF)
to fix the lines missing a LF.Where is this dfilters_sample.txt file?
In the Book Supplements
I appended the dfilters_sampe.txt contents to the default dfilters file, and everything looks fine, but I am still using [a customized version of] 3.2.6. Is the problem resolved with 3.2.6? If so, then maybe some bug was introduced with 3.2.7.
It's Windows specific and after the default is read in and written back out to a dfilters in the profile directory.
So I see the extra carriage return, but the steps to reproduce it seem to be:
OK
. This will cause the dfilters file to be re-written by Wireshark, which will only then introduce the extraneous carriage returns.I've done this; however, after closing Wireshark and re-opening it again, the display filters still seem to be read just fine and are just as usable as before. If there's something else one needs to do to reproduce the problem, then I guess I'm missing it. (A Wireshark Issue should probably be opened so the extraneous carriage return can be fixed, but at ...(more)
NOTE: You don't actually have to add any new display filters to see the extra carriage return added, as merely clicking
OK
in the Display Filters dialog will do that, regardless of whether you added any new filters or not.