Thanks
Sent from my Blackberry wireless device
----- Original Message -----
From: wireshark-users-bounces@xxxxxxxxxxxxx <wireshark-users-bounces@xxxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Wed Mar 25 15:02:06 2009
Subject: Re: [Wireshark-users] What is wrong with this filter?
On Wed, Mar 25, 2009 at 02:42:11PM -0400, Parkis, Scott wrote:
> p.addr==192.168.2.34 and (ip.addr!=10.1.10.150 and
> ip.addr!=10.1.11.140)
>
> I want to show all packets src and/or dest from 2.34 but I do not want
> any packets to/from 10.150 and 11.140. I tried it with and without the
> () but it still shows me results with those two 10.1.x.x.
If you have a newer version of Wireshark, the filter box will turn
yellow and say "!= may have unexpected results (see the User's Guide)"
in the bottom staus bar. See section 6.4.4 in the User's Guide for an
explanation of why this isn't working:
http://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html#ChWorkBuildDisplayFilterMistake
You'll want to do something like !(ip.addr == x.x.x.x) as the user's
guide states.
Steve
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe