Hey there, I found in an earlier post, the display filter (http.request.method == "GET" and http.request.uri == "/"), which filter out ip address and visited url in a very good way. This filter also "removes" ads and other crap which is really nice. I'm trying to solve this display filter as an capture filter, but I'm having problems. I found this capture filter at Wireshark Wiki: port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x4745542, but this gives me too much information, ads and other crap. Do anyone of you know how I can expand the mentioned filter or create a new filter that filters out only the visited websites without ads as the display filter does? asked 03 Mar '14, 08:50  svante edited 03 Mar '14, 08:51 |
One Answer:
Go to Then enter your string, like "GET /" and you'll get a matching capture filter, that looks weird, but works ;-)) Regards answered 03 Mar '14, 10:30  Kurt Knochner ♦ |
Thank you very much! That was what I was looking for.