John McDermott said: > OK. So this got me to thinking. How do I write "I want to see all > packets except HTTP packets". The answer is '!tcp.port == 80'.
Actually, the answer is "!http" - there is no guarantee that HTTP traffic appears only on port 80, and Ethereal also supports some other ports as HTTP ports, e.g. 8080 (common alternate HTTP port), 3128 (common HTTP proxy port), 3132 (HTTP proxy admin port, at least for proxies made by a certain manufacturer of, well, network appliances), both TCP *and* UDP ports 1900 (for the Simple Service Discovery Protocol, which I think is part of Microsoft's UPnP, and that runs atop HTTP), and TCP port 631 (for the Internet Printing Protocol, which also runs atop HTTP).
