Wireshark-dev: Re: [Wireshark-dev] Login and General Question

From: Christopher Maynard <christopher.maynard@xxxxxxxxx>
Date: Tue, 3 Apr 2012 14:34:32 +0000 (UTC)
Me <d.waddell1@...> writes:

> 1)  Didn't see any place to register and don't use any of 
> the mediums such as facebook, twitter, etc.  Tried a temporary login and 
> was rejected.   How do I register for the wireshark 
> forum?

By register, I assume you mean subscribe.  From http://www.wireshark.org/,
choose "Get Help" -> "Mailing Lists", then "Subscribe/Unsubscribe/Options" for
the list you're interested in subscribing to.

For example: https://www.wireshark.org/mailman/listinfo/wireshark-dev.  Fill out
your e-mail address, name, password, etc., then click, "Subscribe".

As you've already discovered, you don't need to subscribe to the list to post to
it, but it helps to be subscribed so it so that, for one thing, you can be
notified when someone provides you with some feedback.

> 2)  Wanted to know how I write a filter to monitor all 
> activity except for four selected IP addresses?  

A capture filter or a display filter?

I'll provide an example of both assuming you want to filter out traffic from the
following 4 addresses: 192.168.1.1, 192.168.1.2, 192.168.1.3 and 192.168.1.4.

Capture filter:
not ip host 192.168.1.1 and not ip host 192.168.1.2 and not ip host 192.168.1.3
and not ip host 192.168.1.4

Display filter:
!(ip.addr == 192.168.1.1) and !(ip.addr == 192.168.1.2) and !(ip.addr ==
192.168.1.3) and !(ip.addr == 192.168.1.4)

Hope it helps.
- Chris