Hi Marco,
The Ethereal display filter language has an implicit 'exists' operator which
is invoked whenever a protocol name or a protocol field name appears in a
display filter expression. As a result, "ip.addr != 1.2.3.4" must be read as
"the packet contains a field named 'ip.addr' with a value different from
'1.2.3.4'".
Regards,
Olivier
-----Original Message-----
From: Marco Rommelse
Hi,
I have noticed that the != operator doesn't work as expected anymore in the
display-filter field. I am using ethereal version 0.10.2. This has worked up
to version 0.10.0a. So if I want to filter out ip-address 192.168.1.2 for
instance, I would normally enter ip.addr != 192.168.1.2. This doesn't seem
to work anymore. You can get around it by entering !(ip.addr ==
192.168.1.2) instead. Has anyone else seen this?
Another thing which sprung to my attention are the tcp analysis messages in
the info field regarding duplicate ack's. Although this message is always
right, sometimes this is caused by tcp window updates (usually the ack
number doesn't change, only the window-size). I think that this should be
mentioned in the diagnostic.
Thanks,
Marco