Wireshark · Wireshark-users: Re: [Wireshark-users] how to filter a port?

Wireshark-users: Re: [Wireshark-users] how to filter a port?

From: Ulf Lamping <ulf.lamping@xxxxxx>

Date: Mon, 26 Feb 2007 11:33:40 +0100

David Drexler wrote:

It's either to or from 'http'.  I also tried

tcp.port != 80
same results. I want to run the capture realtime and only see thetraffic that interests me.

Your display filter falls under the "A common mistake", try !(tcp.port== 80) instead, which is not the same.


HTTP can be transported over various TCP ports - not only port 80.

See:

http://wiki.wireshark.org/Hyper_Text_Transfer_Protocol?action=show&redirect=HTTPfor protocol infohttp://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.htmlfor capture filters andhttp://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.htmlfor display filters


Regards, ULFL

Follow-Ups:
- Re: [Wireshark-users] how to filter a port?
  - From: Small, James

References:
- [Wireshark-users] how to filter a port?
  - From: David Drexler
- Re: [Wireshark-users] how to filter a port?
  - From: Jeff Morriss
- Re: [Wireshark-users] how to filter a port?
  - From: David Drexler

Prev by Date: [Wireshark-users] Sniffing across 2 network types
Next by Date: Re: [Wireshark-users] how to filter a port?
Previous by thread: Re: [Wireshark-users] how to filter a port?
Next by thread: Re: [Wireshark-users] how to filter a port?
Index(es):
- Date
- Thread