Wireshark mailing list archives
Re: Capture filter question
From: Marco Zuppone <msz () msz it>
Date: Sun, 6 Nov 2011 09:18:18 +0000
Hello David, the point of my question was: What is the difference between 'not arp and port not 53' and 'not arp and not port 53'?? Maybe is possible to reduce the problem to: what is the difference between 'not port xxx' and 'port not xxx' ? Both the syntaxes are accepted but I was wondering if there is a difference in the end result if the 'not' clause is before or after the 'port' one. Thanks in advance & Regards, Marco - StockTrader On 6 Nov 2011, at 01:54, David Alanis wrote:
Quoting David Alanis <canito () dalan us>:Quoting Marco Zuppone <msz () msz it>:Hello, I have a question about capture filters. I noticed that the basic capture filter predefined in Wireshark to do not capture arp and DNS requests is defined in this way: not arp and port not 53 What is the difference with: not arp and not port 53? Thanks in advance Marco - StockTrader ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribeSorry, I think I jumped the gun on my previous e-mail. I know that 'not arp' will filter out the address resolution protocol. 'not port 53' will simply discard communication over port 53. Is there something more specific that I am not understanding about these two capture filters? ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Capture filter question Marco Zuppone (Nov 05)
- Re: Capture filter question David Alanis (Nov 05)
- Re: Capture filter question David Alanis (Nov 05)
- Re: Capture filter question Marco Zuppone (Nov 06)
- Common Traffic haZard0us (Nov 06)
- Re: Common Traffic j.snelders (Nov 06)
- Re: Capture filter question Sake Blok (Nov 06)
- Re: Capture filter question Marco Simone Zuppone (Nov 07)
- Re: Capture filter question David Alanis (Nov 05)
- Re: Capture filter question David Alanis (Nov 05)