Wireshark-users: Re: [Wireshark-users] Wireshark filters
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: kevin creason <ckevinj@xxxxxxxxx>
Date: Tue, 27 Sep 2011 07:02:11 -0500
Capture filters are troublesome for at least four reasons:
They can only be selected when you begin a capture and they remain for the duration of the capture.
They prevent packets from being captured either by exclusion of the filter or not being included in the filter.
Once packets are not captured, you cannot see them.
Finally, capture filter syntax is in the tcpdump style syntax, so it is not at all like a display filter.

However, they have their uses. But as a newbie I would ignore capture filters until you reach a better understanding about packet analysis.

-Kevin
/*“ I am looking for a lot of men who have an infinite capacity to not know what can't be done. ” -- Henry Ford  */



On Tue, Sep 27, 2011 at 6:43 AM, Lisi <lisi.reisz@xxxxxxxxx> wrote:
My question is, I'm afraid, very elementary, and possibly very dumb.  I am a
complete newbie to Wireshark and to packet-sniffers in general.

How do you use a capture filter?  I.e., how do you turn it on and off?  How do
you make it _do_ anything?

There is a menu item under capture for capture filters.  But selecting any of
the filters doesn't seem to have any effect.

Thanks,
Lisi
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe