AIX iptrace capture filters

I am analyzing an AIX iptrace which was ftp'd to my Windows 10 laptop from the AIX instance where it was taken. Wireshark is running on my Windows 10 laptop. I open the iptrace in Wireshark (OK). Where I'm lost is on setting up the capture filters. Two key points: (1) Wireshark seems to be presenting the LOCAL Ethernet interfaces on my Windows system, whereas I'm interested in filtering the IP trace file to identify dropped packets. (2) In the capture options pane I type in arguments given to me by IBM support (who are experienced Wireshark users). Both options begin with 'tcp'. But anything I type after tcp causes the pane to turn from green (tcp only entered) to red (tcp.x.y_z). When red, the start button is grayed out and I cannot start the analysis.