Wireshark-users: Re: [Wireshark-users] Filter Out PPP

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Mon, 15 Jun 2009 14:37:06 +0200
On Mon, Jun 15, 2009 at 07:50:49AM -0400, Ron Gallimore wrote:
> Thanks for the link but I am looking for a capture filter not a display
> filter.  I will save the PDF link for future reference.  Is it even
> possible to create a capture filter for PPP and GRE?  I am finding
> conflicting information online.  I do not want to see what is in the GRE
> and PPP.  I only want to take it out so my capture files are not too big
> for my troubleshooting.

I'm making some assumptions first: You are capturing on Ethernet. On top of that
there's IP, on top of that there's GRE, on top of that threre's PPP.

So what you need to do is just filter out all the GRE traffic, that should get
rid of all the PPP traffic as well.

The capture filter to get rid of GRE in this scenario is: 'ip protocol != 47'
Directly filtering out PPP with the ppp keyword would only be possible if the
link layer protocol was set to PPP, which wouldn't make much sense to filter
out in that case.

Ciao
    Joerg

-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.