Wireshark mailing list archives
Re: Filter out a string using a display filter
From: Guy Harris <guy () alum mit edu>
Date: Thu, 13 May 2010 13:55:46 -0700
On May 13, 2010, at 9:11 AM, Anthony Murabito wrote:
Hi Panos,
wlan.fc.type_subtype != 0x04 && wlan.fc.type_subtype != 0x05
I.e., 802.11 probe packets don't contain the phrase "probe request" or "probe response"; those strings are contained, instead, in Wireshark and TShark (or, rather, in the library that both of them use to dissect packets), and they use them when displaying the packet summary and details. What the probe request and response packets contain (along with all other 802.11 packets) are a type and subtype field, with particular values for particular packet types, and what you need to check for are those packet types.
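An added example, not part of the original message or of Wireshark's code: a small Python sketch of the field check described above, run over constructed frames. It assumes each frame starts at the 802.11 MAC header (no radiotap header) and combines type and subtype with the type in the high nibble, which yields the 0x04 and 0x05 values used in the quoted filter; the function names are hypothetical.

```python
# Added example: filter 802.11 frames on the Frame Control type/subtype
# bits rather than on any text inside the frame.
PROBE_REQUEST = 0x04   # management (type 0), subtype 4
PROBE_RESPONSE = 0x05  # management (type 0), subtype 5


def type_subtype(frame: bytes) -> int:
    """Return the combined value: type in the high nibble, subtype in the low."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the 2-octet Frame Control field")
    fc0 = frame[0]                # first Frame Control octet
    ftype = (fc0 >> 2) & 0x3      # bits 2-3: type
    subtype = (fc0 >> 4) & 0xF    # bits 4-7: subtype
    return (ftype << 4) | subtype


def drop_probes(frames):
    """Keep every frame that is neither a probe request nor a probe response."""
    return [f for f in frames
            if type_subtype(f) not in (PROBE_REQUEST, PROBE_RESPONSE)]


def hdr(fc0: int) -> bytes:
    """Constructed 24-octet MAC header with zeroed addresses (sample data)."""
    return bytes([fc0, 0x00]) + bytes(22)


# Constructed sample frames, not taken from a real capture.
probe_req = hdr(0x40) + b"\x00\x07example"           # SSID element
probe_resp = hdr(0x50) + bytes(12) + b"\x00\x07example"
beacon = hdr(0x80) + bytes(12) + b"\x00\x07example"
# A data frame whose payload happens to carry the phrase as text.
data = hdr(0x08) + b"note: probe request seen"

FRAMES = [probe_req, probe_resp, beacon, data]

if __name__ == "__main__":
    for f in FRAMES:
        print(f"type_subtype=0x{type_subtype(f):02x} "
              f"has_phrase={b'probe request' in f}")
    print(len(drop_probes(FRAMES)), "frames kept")
```

In the sample set, the only frame containing the bytes "probe request" is the data frame, so a string match would hide the wrong frame and keep both probes.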