Since there are actually two fields matching tcp.port (source and destination address), your filter will only exclude traffic if BOTH ports are 3389.
Instead, try !(tcp.port==3389), which will exclude traffic if EITHER port is set to 3389.
Interesting little logic quirk. You also run into the same type of thing if you try to use "ip.addr != 10.10.10.10", for example.
Ian
On Oct 8, 2003, at 3:23 PM, Bergin, Rob wrote:
<x-tad-bigger>Hi all,</x-tad-bigger>
<x-tad-bigger> </x-tad-bigger>
<x-tad-bigger>First time poster, long time sniffer.</x-tad-bigger>
<x-tad-bigger> </x-tad-bigger>
<x-tad-bigger>I want to know that if I run Ethereal on a remote PC and then display the capture I want a way to exclude out all of the remote control software (i.e.Terminal Services TCP Port3389.</x-tad-bigger>
<x-tad-bigger> </x-tad-bigger>
<x-tad-bigger>I did some searching and I can see that I can do a capture filter and/or a display filter. But I can’t get either to work.</x-tad-bigger>
<x-tad-bigger> </x-tad-bigger>
<x-tad-bigger>I tried: tcp.port != 3389</x-tad-bigger>
<x-tad-bigger> </x-tad-bigger>
<x-tad-bigger>And it has not worked so far.</x-tad-bigger>
<x-tad-bigger> </x-tad-bigger>
<x-tad-bigger>Any thoughts, thanks in advance.</x-tad-bigger>
<x-tad-bigger> </x-tad-bigger>
<x-tad-bigger>Rob</x-tad-bigger>
<x-tad-bigger> </x-tad-bigger>
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users