Celejar wrote:
> On Fri, 25 Jun 2010 16:46:52 +0200
> Merciadri Luca <luca.mercia...@student.ulg.ac.be> wrote:
>
>   
>
> /usr/share/doc/wireshark-common/README.Debian discusses wireshark and
> necessary privileges. This came up a while back on the lists, and
> someone said that this README, while in Sid, is not in earlier Debian
> versions.
>   
I had already read it, but here is what it gives me:

==
Warning!

Using the != operator on combined expressions like: eth.addr, ip.addr, tcp.port,
udp.port and alike will probably not work as expected!

Often people use a filter string to display something like ip.addr == 1.2.3.4
which will display all packets containing the IP address 1.2.3.4.

Then they use ip.addr != 1.2.3.4 to see all packets not containing the
IP address 1.2.3.4 in it. Unfortunately, this does not do the expected.
Instead, that expression will even be true for packets where either source
or destination IP address equals 1.2.3.4. The reason for this, is that the
expression ip.addr != 1.2.3.4 must be read as "the packet contains a field
named ip.addr with a value different from 1.2.3.4". As an IP datagram
contains both a source and a destination address, the expression will evaluate
to true whenever at least one of the two addresses differs from 1.2.3.4.
If you want to filter out all packets containing IP datagrams to or from
IP address 1.2.3.4, then the correct filter is !(ip.addr == 1.2.3.4) as it
reads "show me all the packets for which it is not true that a field named
ip.addr exists with a value of 1.2.3.4", or in other words, "filter out all
packets for which there are no occurrences of a field named ip.addr with the
value 1.2.3.4".
==

This README does not solve my issue (or, if it should, I might be
misunderstanding it). :(

-- 
Merciadri Luca
See http://www.student.montefiore.ulg.ac.be/~merciadri/
I use PGP. If there is an incompatibility problem with your mail
client, please contact me.


What we do for ourselves dies with us. What we do for others and the
world remains and is immortal. (Albert Pine)
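
The filter semantics described in the README excerpt quoted in the message above, modelled as an added example (not part of the original message and not Wireshark's own code). The packet dictionaries are constructed sample data and all function names are hypothetical; the model also covers packets where the field is absent or where both addresses match, which the excerpt does not walk through.

```python
# Constructed sample packets. Each field name maps to EVERY value it takes in
# the packet, the way ip.addr covers both the source and destination address.
PACKETS = {
    "to_host":   {"ip.addr": ["10.0.0.5", "1.2.3.4"], "tcp.port": [51000, 80]},
    "from_host": {"ip.addr": ["1.2.3.4", "10.0.0.5"], "tcp.port": [80, 51000]},
    "unrelated": {"ip.addr": ["10.0.0.5", "10.0.0.9"], "tcp.port": [51000, 22]},
    "both_ends": {"ip.addr": ["1.2.3.4", "1.2.3.4"], "tcp.port": [80, 80]},
    "arp_no_ip": {"eth.addr": ["00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"]},
}


def field_eq(pkt, field, value):
    """field == value: true if ANY occurrence of the field equals value."""
    return any(v == value for v in pkt.get(field, []))


def field_ne(pkt, field, value):
    """field != value as the README describes it: true if ANY occurrence of
    the field differs from value. A packet without the field never matches."""
    return any(v != value for v in pkt.get(field, []))


def not_field_eq(pkt, field, value):
    """!(field == value): true if NO occurrence of the field equals value,
    which includes packets that do not carry the field at all."""
    return not field_eq(pkt, field, value)


def matching(predicate, field, value):
    """Names of the sample packets that a filter would display, sorted."""
    return sorted(n for n, p in PACKETS.items() if predicate(p, field, value))


if __name__ == "__main__":
    for label, pred in [("ip.addr == 1.2.3.4", field_eq),
                        ("ip.addr != 1.2.3.4", field_ne),
                        ("!(ip.addr == 1.2.3.4)", not_field_eq)]:
        print(f"{label:24} -> {matching(pred, 'ip.addr', '1.2.3.4')}")
```

Under this model `ip.addr != 1.2.3.4` still displays the traffic to and from 1.2.3.4, while `!(ip.addr == 1.2.3.4)` hides it and keeps packets that have no IP layer.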
