> What is the display filter which will allow me to see only source ports of
> what I specify.
TCP ports or UDP ports?
To see only packets with a TCP source port of 25 - i.e., packets *from*
TCP port 25, but *NOT* to TCP port 25 unless they're also *from* TCP
port 25, and not from or to UDP port 25 - do
tcp.srcport == 25
To see only packets with a UDP source port of 25 - i.e., packets *from*
UDP port 25, but *NOT* to UDP port 25 unless they're also *from* UDP
port 25, and not from or to TCP port 25 - do
udp.srcport == 25
To see packets with a TCP *or* UDP source port of 25 - i.e., packets
*from* TCP or UDP port 25, but *NOT* to TCP port 25 or UDP port 25
unless they're also *from* TCP or UDP port 25 - do
tcp.srcport == 25 or udp.srcport == 25
> For example if I wanted to see all port 25 to and
> from....what would the correct syntax be?
It wouldn't be any of the above, because that's *NOT* checking only the
specified source ports; you said "to and from", which involves checking
both source *and* destination ports.
So, what do you mean by "all port 25 to and from"?
Do you mean "all traffic that's from port 25 *and* to port 25" at the
same time, i.e. only a packet sent from port 25 to port 25?
If so, then, for TCP port 25, you'd do
tcp.srcport == 25 and tcp.dstport == 25
and for UDP port 25, you'd do
udp.srcport == 25 and udp.dstport == 25
and for either TCP or UDP port 25, you'd do
(tcp.srcport == 25 and tcp.dstport == 25) or (udp.srcport == 25 and udp.dstport == 25)
Or do you mean "all traffic that's from port 25 *or* to port 25"?
If so, then, for TCP port 25, you'd do
tcp.port == 25
and for UDP port 25, you'd do
udp.port == 25
and for either TCP or UDP port 25, you'd do
tcp.port == 25 or udp.port == 25
