On Jun 23, 2010, at 2:53 PM, David H. Lipman wrote:
> Command Line switches are not a god idea as this is only the beginning of filtering out
> process.
If he uses a command to capture traffic, and you don't want the "Microsoft noise" in the capture file, command line switches are the *ONLY* idea.
> Does TShark interpret a disk file with these directives ?
To what directives are you referring?
If you want to capture without filtering out the "Microsoft noise", so the noise, as well as the other traffic which you *are* interested in seeing, is in the capture file, and filter it out later, when you look at the capture file, you can use the filter "!nbns" as a read filter in TShark or a display filter in Wireshark.