Wireshark mailing list archives
Re: Colorize Conversation - except for SYN/FIN
From: Sake Blok <sake () euronet nl>
Date: Fri, 16 Dec 2011 18:34:17 +0100
On 16 dec 2011, at 17:26, Prigge Scott wrote:
> Due to certain fields like ip.addr, in general it is not advisable to use expressions of the form, "(field != value)". Rather, using an expression of the form, "!(field == value)", is preferred to avoid any unintended consequences, and that is the reason the coloring rule is yellow instead of green.
>
> This is my new filter after having read your feedback - this one is green.
>
> tcp.stream eq 7 && (!(tcp.flags & 0x02) || (!(tcp.flags.fin == 1)))

That filter will give the same result as "tcp.stream eq 7"

You would want to use any of the following:

tcp.stream eq 7 && !tcp.flags & 0x02 && !tcp.flags.fin == 1
tcp.stream eq 7 && !(tcp.flags.syn==1 || tcp.flags.fin==1)

Cheers,
Sake

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
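
The boolean logic behind the filters in this message, as an added example that is not part of the original post or of Wireshark: it models two of the filters as Python predicates over constructed tcp.flags values, and models the "(field != value)" versus "!(field == value)" point from the quoted advice. The function names, the sample packets and addresses, and the any-occurrence matching rule for ip.addr are assumptions made for the illustration.

```python
SYN, FIN, ACK, PSH = 0x02, 0x01, 0x10, 0x08

# Constructed tcp.flags values for the packets of one stream.
PACKETS = {
    "SYN": SYN,
    "SYN,ACK": SYN | ACK,
    "ACK": ACK,
    "PSH,ACK": PSH | ACK,
    "FIN,ACK": FIN | ACK,
    "SYN,FIN": SYN | FIN,  # abnormal combination, kept to show the edge case
}

def or_of_negations(flags):
    # (!(tcp.flags & 0x02) || (!(tcp.flags.fin == 1)))
    return not (flags & SYN) or not (flags & FIN)

def negation_of_or(flags):
    # !(tcp.flags.syn==1 || tcp.flags.fin==1)
    return not ((flags & SYN) or (flags & FIN))

def shown(pred):
    """Names of the sample packets a predicate would match."""
    return [name for name, flags in PACKETS.items() if pred(flags)]

# ip.addr occurs twice per packet (source and destination).
# Assumption: a comparison on such a field is true if ANY occurrence matches.
def addr_ne(addrs, value):
    # ip.addr != value
    return any(a != value for a in addrs)

def not_addr_eq(addrs, value):
    # !(ip.addr == value)
    return not any(a == value for a in addrs)

if __name__ == "__main__":
    print("OR of negations :", shown(or_of_negations))
    print("negation of OR  :", shown(negation_of_or))
    pkt = ("10.0.0.1", "10.0.0.2")  # constructed (source, destination)
    print("ip.addr != 10.0.0.1    :", addr_ne(pkt, "10.0.0.1"))
    print("!(ip.addr == 10.0.0.1) :", not_addr_eq(pkt, "10.0.0.1"))
```

Only a packet with both SYN and FIN set fails the first predicate, so on normal traffic it matches the whole stream; the second predicate leaves only the packets with neither flag set.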