Re: Wireshark filters

[kevin creason <ckevinj () gmail com>]

Capture filters are troublesome for at least four reasons:
They can only be selected when you begin a capture and they remain for the
duration of the capture.
They prevent packets from being captured either by exclusion of the filter
or not being included in the filter.
Once packets are not captured, you cannot see them.
Finally, capture filter syntax is in the tcpdump style syntax, so it is not
at all like a display filter.

However, they have their uses. But as a newbie I would ignore capture
filters until you reach a better understanding about packet analysis.

-Kevin
/*“ I am looking for a lot of men who have an infinite capacity to not know
what can't be done. ” -- Henry Ford  */



On Tue, Sep 27, 2011 at 6:43 AM, Lisi <lisi.reisz () gmail com> wrote:

> My question is, I'm afraid, very elementary, and possibly very dumb.  I am
> a
> complete newbie to Wireshark and to packet-sniffers in general.
>
> How do you use a capture filter?  I.e., how do you turn it on and off?  How
> do
> you make it _do_ anything?
>
> There is a menu item under capture for capture filters.  But selecting any
> of
> the filters doesn't seem to have any effect.
>
> Thanks,
> Lisi
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe