display filter != no longer works
I use the filter "ip.addr != 10.0.0.0/8 && !(ip.addr == 224.0.0.0/3)" to identify any traffic between our network and the outside (and also exclude class-D address space). This filter no longer works. It does work if I write it as "ip && (!(ip.src == 10.0.0.0/8) || !(ip.dst == 10.0.0.0/8)) && !(ip.addr == 224.0.0.0/3)" but I need to add IP and explicitly consider both the source and destination.
$ ./wireshark -v Wireshark 3.6.2 (v3.6.2-0-g626020d9b3c3)
Copyright 1998-2022 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later https://www.gnu.org/licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) using Microsoft Visual Studio 2019 (VC++ 14.29, build 30139), with Qt 5.15.2, with libpcap, with GLib 2.66.4, with zlib 1.2.11, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.44.0, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.10, with libsmi 0.4.8, with QtMultimedia, with automatic updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled resampler), with Minizip.
Running on 64-bit Windows 10 (21H1), build 19043, with Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz (with SSE4.2), with 16275 MB of physical memory, with GLib 2.66.4, with Qt 5.15.2, with Npcap version 1.55, based on libpcap version 1.10.2-PRE-GIT, with c-ares 1.17.0, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with nghttp2 1.44.0, with brotli 1.0.9, with LZ4 1.9.3, with Zstandard 1.4.0, without AirPcap, with LC_TYPE=English_United States.utf8, binary plugins supported (0 loaded).
I just upgraded from 3.4.12 and it worked there.
Please add the output of
wireshark -v
orHelp->About Wireshark:Wireshark
to the question.Do you know the previous version where it worked?