On Wed, Mar 25, 2009 at 02:42:11PM -0400, Parkis, Scott wrote:
> p.addr== and (ip.addr!= and
> ip.addr!=
> I want to show all packets src and/or dest from 2.34 but I do not want
> any packets to/from 10.150 and 11.140. I tried it with and without the
> () but it still shows me results with those two 10.1.x.x.
If you have a newer version of Wireshark, the filter box will turn
yellow and say "!= may have unexpected results (see the User's Guide)"
in the bottom staus bar. See section 6.4.4 in the User's Guide for an
explanation of why this isn't working:
You'll want to do something like !(ip.addr == x.x.x.x) as the user's
guide states.