David Drexler wrote:
> It's either to or from 'http'. I also tried
>
> tcp.port != 80
>
> same results. I want to run the capture realtime and only see the
> traffic that interests me.
Then you'll need to find out what ports the traffic is going to or
coming from - capture filters only work at that level.
The Wireshark HTTP dissector checks for traffic to or from the following
ports:
80, 1900, 3128, 3132, 8080, 8088, 11371
If you filter all of them out, with, for example:
not port 80 and not port 1900 and not port 3128 and ...
that should exclude traffic that Wireshark classifies as HTTP.
_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users
