Since this seems like something that is being 'remembered,' try to give it
something else to remember. ; ) Try going to the 'invalid' filter and Edit
it. Make it something that is valid.

It sounds to me like you're using the button on the toolbar to start the
capture - or using Capture | Start and using the 'default' options.

Double check:
Capture | Capture Filters
Make sure all the ones you don't want are deleted.
Close Wireshark and open it back up.
Try a capture.

If that doesn't work, try creating a new configuration profile. Under Edit
| Configuration Profiles click New. Give it a name and use that instead of
the default.

Not sure how other people do this, but I always click Capture and then
Interfaces and go to Options. I make sure the Options I want are there and
then click Start from that screen to begin a capture. Never been one of
those who strives for fewer mouse clicks. YMMV. Another reason I always do
that is because I want to specifically name each capture and save it in a
particular folder.

I went digging through the Registry and the things I found didn't really
pertain to capture filters. I would think that setting would be in the file
you found - in the 'recent' file. And I'm wondering if what you're seeing is
in the filters drop-down list. [Are you trying to clear that list?]

Something else that may give you more information -- try creating a new user
for that computer. See if it shows up under a different user or not. That
would probably tell you if what you're trying to accomplish is a global or
personal setting.

Just some guesses... hope it helps.
----- Original Message -----
From: "Bland, Alan" <Alan.Bland@xxxxxxxxxxxx>
To: <wireshark-users@xxxxxxxxxxxxx>
Sent: Saturday, August 08, 2009 12:03 PM
Subject: [Wireshark-users] > How do I change the default capture filter?
Lori,
Thanks for the advice.
I found the string in the "recent" history file. Removing it did not
help.
That file is generated when Wireshark is closed. Wireshark is still
starting up with the invalid capture filter.
I went in and tried to set the default filter to one that exists, but
Wireshark started up with the invalid filter selected.
Do you have any other ideas?