Wireshark mailing list archives

Re: port monitoring


From: Guy Harris <guy () alum mit edu>
Date: Tue, 4 Sep 2012 16:58:01 -0700


On Sep 4, 2012, at 4:23 PM, mike dodson wrote:

> Thanks for the help but the suggestions did not work at all

Probably because some of them (the ones without "!=") were *capture* filters, which would have let you avoid capturing 
traffic to or from ports 80 or 443 but, at least in Wireshark, wouldn't have let you filter traffic you've *already 
captured*, and the other one filtered out stuff decoded as HTTP or HTTP-over-SSL/TLS but wouldn't have filtered out 
traffic to ports 80 or 443 that was ACK-only (no content *to* decode as HTTP or HTTP-over-SSL/TLS) or was part of a 
reassembled HTTP message or SSL message (they're just shown as stuff reassembled later).

> but with a bit of playing around with the filter I was able to get it to work as listed below.
>
> tcp.port != 80 and tcp.port != 443 and udp.port != 80 and udp.port != 443

Yes, that's the right way to filter it out once you've captured the packets.  The capture filters would help if you 
want to avoid even *capturing* "uninteresting" packets (TCP or UDP packets to or from port 443).
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
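
The point in the reply above about protocol-based versus port-based filtering, as an added example that is not part of the original message and is not Wireshark code: it parses constructed IPv4/TCP packets and compares a crude "looks like HTTP" test with a port test. All function names, addresses and sample packets are assumptions made for the illustration.

```python
import struct

ACK, PSH_ACK = 0x10, 0x18

def build(sport, dport, flags, payload=b""):
    """Build a constructed IPv4/TCP packet (no link layer, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    tcp += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp

def parse(pkt):
    """Return (sport, dport, payload), honouring the IP and TCP header lengths."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6:
        raise ValueError("not TCP")
    total = struct.unpack("!H", pkt[2:4])[0]
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    doff = (pkt[ihl + 12] >> 4) * 4
    return sport, dport, pkt[ihl + doff:total]

def looks_like_http(pkt):
    """Crude stand-in for 'decoded as HTTP': the payload starts an HTTP message."""
    return parse(pkt)[2].startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/1."))

def on_web_port(pkt, ports=(80, 443)):
    """True if either the source or the destination port is a web port."""
    sport, dport, _ = parse(pkt)
    return sport in ports or dport in ports

# Constructed sample traffic (not from a real capture).
SAMPLE = {
    "http request": build(50000, 80, PSH_ACK, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "bare ACK to 80": build(50000, 80, ACK),
    "body continuation": build(80, 50000, ACK, b"...middle of a response body..."),
    "ssh banner": build(50001, 22, PSH_ACK, b"SSH-2.0-constructed\r\n"),
}

def kept_by_protocol_test():
    """Packets left after dropping only what looks like HTTP."""
    return [name for name, pkt in SAMPLE.items() if not looks_like_http(pkt)]

def kept_by_port_test():
    """Packets left after dropping anything to or from port 80 or 443."""
    return [name for name, pkt in SAMPLE.items() if not on_web_port(pkt)]

if __name__ == "__main__":
    print("protocol test keeps:", kept_by_protocol_test())
    print("port test keeps:    ", kept_by_port_test())
```

The protocol test still lets the bare ACK and the mid-message segment on port 80 through, while the port test leaves only the non-web traffic.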