Re: Basic question about Wireshark

[Andreas <AndreasSander1 () gmx net>]

Am 24.07.2011 19:39, schrieb Frank Walter:
> OK, this is clear now. Thank you!
>
> Now I used my MacBook laptop to do wireless sniffing in monitor mode with Wireshark 1.6.1.
> I see many, many packets with Destination "Broadcast" (ff:ff:ff:ff:ff:ff).
> When I try to set a filter that all those Broadcast-packets are omitted, it ends only in an empty list.
> I tried:
>
> eth.dst != ff:ff:ff:ff:ff:ff
>
> but also with eth.dst == ff:ff:ff:ff:ff:ff
>
> the result is empty. I don't know how to call the Destination, the context-menu "Apply as filter / Selected" gives me 
> the wrong name (eth.dst).
>
> What is it?

Both display filters
  eth.dst != ff:ff:ff:ff:ff:ff
  eth.dst!=ff:ff:ff:ff:ff:ff
work for me (Wireshark 1.6.0). Are you sure you have broadcast and 
not-broadcast packets.

Anyway you should use
  !(eth==ff:ff:ff:ff:ff:ff)
to exclude broadcast.


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe