Wireshark mailing list archives
Re: port monitoring
From: Guy Harris <guy () alum mit edu>
Date: Tue, 4 Sep 2012 16:58:01 -0700
On Sep 4, 2012, at 4:23 PM, mike dodson wrote:
> Thanks for the help but the suggestions did not work at all
Probably because some of them (the ones without "!=") were *capture* filters, which would have let you avoid capturing traffic to or from ports 80 or 443 but, at least in Wireshark, wouldn't have let you filter traffic you've *already captured*, and the other one filtered out stuff decoded as HTTP or HTTP-over-SSL/TLS but wouldn't have filtered out traffic to ports 80 or 443 that was ACK-only (no content *to* decode as HTTP or HTTP-over-SSL/TLS) or was part of a reassembled HTTP message or SSL message (they're just shown as stuff reassembled later).
> but with a bit of playing around with the filter I was able to get it to work as listed below.
>
> tcp.port != 80 and tcp.port !=443 and udp.port != 80 and udp.port !=443
Yes, that's the right way to filter it out once you've captured the packets. The capture filters would help if you want to avoid even *capturing* "uninteresting" packets (TCP or UDP packets to or from port 443).
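The difference described in the reply above between filtering on port and filtering on decoded protocol, as an added example that is not part of the original message. The frames are constructed sample data, all function names are hypothetical, and `keep_by_decode` is only a rough stand-in (an assumption) for what Wireshark's dissectors label as HTTP or SSL/TLS.

```python
import struct

EXCLUDED_PORTS = {80, 443}  # the ports discussed in the thread

def frame(proto, sport, dport, payload=b""):
    """Build a constructed Ethernet/IPv4 frame carrying TCP (6) or UDP (17)."""
    if proto == 6:  # 20-byte TCP header, ACK flag set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 8192, 0, 0)
    else:           # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def parse(raw):
    """Return (sport, dport, payload), or None if not IPv4 TCP/UDP."""
    if len(raw) < 34 or raw[12:14] != b"\x08\x00":
        return None
    proto, l4 = raw[23], 14 + (raw[14] & 0x0F) * 4
    if proto not in (6, 17) or len(raw) < l4 + (20 if proto == 6 else 8):
        return None
    sport, dport = struct.unpack("!HH", raw[l4:l4 + 4])
    hdr = (raw[l4 + 12] >> 4) * 4 if proto == 6 else 8
    return sport, dport, raw[l4 + hdr:]

def keep_by_port(raw):
    """Port test: drop anything to or from an excluded port, payload or not."""
    p = parse(raw)
    return p is None or not ({p[0], p[1]} & EXCLUDED_PORTS)

def keep_by_decode(raw):
    """Assumed stand-in for a decoded-protocol filter: payload must look like HTTP/TLS."""
    p = parse(raw)
    data = p[2] if p else b""
    http = data.startswith((b"GET ", b"POST ", b"HTTP/"))
    tls = len(data) >= 2 and data[0] in (20, 21, 22, 23) and data[1] == 3
    return not (http or tls)

SAMPLES = [  # constructed sample traffic, not taken from the thread
    ("http-get", frame(6, 50000, 80, b"GET / HTTP/1.1\r\n\r\n")),
    ("ack-only", frame(6, 80, 50000)),
    ("body-seg", frame(6, 80, 50000, b"...middle of a response body...")),
    ("tls-rec",  frame(6, 50001, 443, b"\x16\x03\x01\x00\x05hello")),
    ("dns",      frame(17, 50002, 53, b"\x12\x34")),
]

def surviving(keep):
    return [name for name, raw in SAMPLES if keep(raw)]

print(surviving(keep_by_port), surviving(keep_by_decode))
```

The port test leaves only the DNS packet, while the payload-based test also lets the ACK-only segment and the mid-stream body segment from port 80 through.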