Hi,
Be aware there's a difference between display and capture filters.
Capture filters are fed to the capture engine which can make low level
decisions (like ethernet address, tcp ports at most). Display filters
come into play when real dissections takes place.
So, getting to something advanced as SNMP enterprise number needs
dissection, hence is not available as capture filter.
For further reading, see http://wiki.wireshark.org/CaptureFilters
Thanx,
Jaap
Akers, Robert wrote:
I'm trying to start Wireshark from the command line filtering on the
snmp enterprise. No matter what I've tried results in results in an
invalid capture filter. Anyone know what the correct syntax would be
for -f in this case?