Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Ethereal>
  3. users
display filters, how do I say OR? and how do I see only the initial connections?
jameshanley39 at yahoo
Aug 10, 2006, 12:20 PM
Post #1 of 2 (1539 views)
Permalink
-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-users@wireshark.org.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------
Re: display filters, how do I say OR? and how do I see only the initial connections? [ In reply to ]
jaap.keuter at xs4all
Aug 11, 2006, 2:22 AM
Post #2 of 2 (1456 views)
Permalink
-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-users@wireshark.org.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------



> 1)
> how do I say OR ?
> AND is &&
>
> for example, I want to say
> tcp.dstport != 3389 "OR" tcp.srcport != 3389

How about ||

> 2)
> how do I see only the initial connections? and just incoming or just
> outgoing?

What are initial connections? On what protocol?

> is there an easier way than this? (i'm not even sure if this is right)
>
> my ip is 192.168.0.2
>
> for incoming-
> tcp.flags.syn == 1 && tcp.flags.ack==0 && ip.src != 192.168.0.2
>
> for outgoing-
> tcp.flags.syn == 1 && tcp.flags.ack==0 && ip.src == 192.168.0.2

For TCP this looks alright to me, other protocol require their own filter.

> thanks

You're welcome,
Jaap



_______________________________________________
Ethereal-users mailing list
Ethereal-users@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-users

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal