Wireshark mailing list archives
Re: About filter
From: Christopher Maynard <Christopher.Maynard () gtech com>
Date: Tue, 16 Apr 2013 22:59:36 +0000 (UTC)
Guy Harris <guy@...> writes:
It's all right till here, but when I export the capture as plain text,
the ICMP packets appear again. Seems
like the filter just works in the main screen of Wireshark. What can I do
to capture just UDP traffic?
Use the filter "udp", and use it as a *capture* filter (when starting the
capture with Capture -> Options)
rather than as a *display* filter (in the main screen). "udp && !icmp" is used as a *display* filter to handle the fact that some
ICMP packets contain a partial or
complete copy of the packet for which they're reporting a problem, so they
might contain UDP packets. For
*capture* filters, only the outermost packet layer is tested, so "udp"
matches only UDP packets, not ICMP
packets that happen to contain a copy of a UDP packet.
To isolate only the UDP packets from the capture files you might already have, you will first need to apply a display filter of "udp && !icmp" as you've done, then export only those displayed packets to a new capture file using "File -> Export Specified Packets -> ...". After that, you can load the newly created capture file containing only the UDP packets and finally 'File -> Export Packet Dissections -> as "Plain Text" file...'. But to avoid that two-step process going forward, just follow Guy's advice. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- About filter "udp && !icmp" delarge (Apr 16)
- Re: About filter "udp && !icmp" Guy Harris (Apr 16)
- Re: About filter Christopher Maynard (Apr 16)
- Re: About filter "udp && !icmp" Guy Harris (Apr 16)
- Re: About filter "udp && !icmp" Christopher Maynard (Apr 16)
- Re: About filter "udp && !icmp" delarge (Apr 17)
- Re: About filter Christopher Maynard (Apr 16)
- Re: About filter "udp && !icmp" Guy Harris (Apr 16)