On Jun 20, 2008, at 5:05 PM, Mark wrote:
Below is an exmpale. The whole string works great until I add the
"and no IGMP" when I do that the rest of the statement returns,
meaning its not filtered.
not arp and not dns and not ip.addr==10.5.50.62 and not
ip.addr==10.5.50.255 and no IGMP
That filter is rejected by a recent version of Wireshark, and should
be rejected by all versions of Wireshark unless they have a bug in the
filtering code; you have to change the stuff at the end to "and not
igmp" ("not" rather than "no", "igmp" rather than "IGMP") before it's
accepted.
Do you not get an error in your version of Wireshark? If you don't,
what version is it?
Or did you actually type "not igmp" rather than "no IGMP" in the
expression you used in Wireshark?