On Sep 4, 2012, at 4:23 PM, mike dodson wrote:
> Thanks for the help but the suggestions did not work at all
Probably because some of them (the ones without "!=") were *capture* filters, which would have let you avoid capturing traffic to or from ports 80 or 443 but, at least in Wireshark, wouldn't have let you filter traffic you've *already captured*, and the other one filtered out stuff decoded as HTTP or HTTP-over-SSL/TLS but wouldn't have filtered out traffic to ports 80 or 443 that was ACK-only (no content *to* decode as HTTP or HTTP-over-SSL/TLS) or was part of a reassembled HTTP message or SSL message (they're just shown as stuff reassembled later).
> but with a bit of playing around with the filter I was able to get it to work as listed below.
>
> tcp.port != 80 and tcp.port !=443 and udp.port != 80 and udp.port !=443
Yes, that's the right way to filter it out once you've captured the packets. The capture filters would help if you want to avoid even *capturing* "uninteresting" packets (TCP or UDP packets to or from port 443).