
List:       wireshark-users
Subject:    Re: [Wireshark-users] About filter
From:       Christopher Maynard <Christopher.Maynard () gtech ! com>
Date:       2013-04-16 22:59:36
Message-ID: loom.20130417T005344-68 () post ! gmane ! org

Guy Harris <guy@...> writes:

> > It's all right till here, but when I export the capture as plain text,
> > the ICMP packets appear again. Seems like the filter just works in the
> > main screen of Wireshark. What can I do to capture just UDP traffic?
>
> Use the filter "udp", and use it as a *capture* filter (when starting the
> capture with Capture -> Options) rather than as a *display* filter (in the
> main screen).
>
> "udp && !icmp" is used as a *display* filter to handle the fact that some
> ICMP packets contain a partial or complete copy of the packet for which
> they're reporting a problem, so they might contain UDP packets.  For
> *capture* filters, only the outermost packet layer is tested, so "udp"
> matches only UDP packets, not ICMP packets that happen to contain a copy
> of a UDP packet.

To isolate only the UDP packets from the capture files you might already
have, you will first need to apply a display filter of "udp && !icmp" as
you've done, then export only those displayed packets to a new capture file
using "File -> Export Specified Packets -> ...".  After that, you can load
the newly created capture file containing only the UDP packets and finally
'File -> Export Packet Dissections -> as "Plain Text" file...'.

But to avoid that two-step process going forward, just follow Guy's advice.
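
The display-versus-capture difference discussed in this thread, as an added example that is not part of the original messages and is not Wireshark or libpcap code: a simplified IPv4-only Python model in which the display-style check walks every dissected layer (including the packet quoted inside an ICMP error) while the capture-style check reads only the outer IP protocol field. All function names, addresses and ports are constructed for illustration.

```python
import struct

ICMP, UDP = 1, 17  # IPv4 protocol numbers

def ipv4(proto, payload, src=b"\xc0\x00\x02\x01", dst=b"\xc0\x00\x02\x02"):
    """Build a minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def icmp_error(icmp_type, code, original_packet):
    """ICMP error: 8-byte header, then the offending IP header + first 8 bytes."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + original_packet[:28]

def layers(pkt):
    """Every protocol a full dissector would report, including quoted packets."""
    found, ihl, proto = ["ip"], (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == UDP:
        found.append("udp")
    elif proto == ICMP:
        found.append("icmp")
        if pkt[ihl] in (3, 4, 5, 11, 12):  # error types that quote a packet
            found += layers(pkt[ihl + 8:])
    return found

def display_udp(pkt):            # models display filter: udp
    return "udp" in layers(pkt)

def display_udp_not_icmp(pkt):   # models display filter: udp && !icmp
    found = layers(pkt)
    return "udp" in found and "icmp" not in found

def capture_udp(pkt):            # models capture filter: udp (outer header only)
    return pkt[9] == UDP

# Constructed sample packets (documentation addresses, made-up ports).
datagram = ipv4(UDP, udp(40000, 33434, b"probe"))
unreachable = ipv4(ICMP, icmp_error(3, 3, datagram),
                   src=b"\xc0\x00\x02\x02", dst=b"\xc0\x00\x02\x01")
SAMPLES = {"udp datagram": datagram, "icmp port unreachable": unreachable}

def matches(flt):
    return [name for name, pkt in SAMPLES.items() if flt(pkt)]

if __name__ == "__main__":
    for flt in (display_udp, display_udp_not_icmp, capture_udp):
        print(f"{flt.__name__:22} {matches(flt)}")
```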

