While monitoring an analyzer using RSPAN, I was getting a bunch of packets that I don’t care about. I don’t really want to filter based on just one packet but instead would like to filter out the packets I don’t want. Here you can see STP and HSRP packets being exchanged on the switched port I’m analyzing:
So, as an example, I will set Wireshark to filter these two types of packets out. To filter out what you don’t want, you will need to write an expression.
First go to the “Edit/apply display filter” icon:
And type in a filter name. Next you want to type in the Filter String; since I don’t want to see STP or HSRP I’ll filter based on that:
not stp and !(hsrp)
The Filter string will turn green when the expression is valid:
As another example, say I wanted to filter out ARP packets and packets on a particular UDP port number; it would look something like this:
not arp and !(udp.port == 53)
This will filter out ARP packets and DNS packets carried over UDP (port 53 as either source or destination).
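Why the port test is written as !(udp.port == 53) rather than with a not-equal comparison, shown as an added example that is not from the original post and is not Wireshark code: udp.port stands for both the source and the destination port, and older Wireshark releases evaluated != on such a field as "any value differs", while current releases treat it the same as !(==). The packets and helper names below are constructed for illustration, and the Python functions only model the matching rules.

```python
# Model of display-filter matching on a multi-valued field (illustrative only).
# Constructed sample packets: protocol layer -> field values.
PACKETS = [
    {"name": "arp-request", "layers": {"arp": {}}},
    {"name": "dns-query", "layers": {"udp": {"srcport": 51514, "dstport": 53}}},
    {"name": "dns-reply", "layers": {"udp": {"srcport": 53, "dstport": 51514}}},
    {"name": "ntp", "layers": {"udp": {"srcport": 123, "dstport": 123}}},
    {"name": "stp-bpdu", "layers": {"stp": {}}},
]


def has(pkt, proto):
    """True when the packet contains the named protocol layer."""
    return proto in pkt["layers"]


def udp_ports(pkt):
    """udp.port is multi-valued: it covers udp.srcport and udp.dstport."""
    udp = pkt["layers"].get("udp")
    return [udp["srcport"], udp["dstport"]] if udp else []


def page_filter(pkt):
    """not arp and !(udp.port == 53): '==' is true if ANY port equals 53."""
    return not has(pkt, "arp") and not any(p == 53 for p in udp_ports(pkt))


def any_ne_filter(pkt):
    """not arp and 'any UDP port differs from 53' (the any-match reading)."""
    return not has(pkt, "arp") and any(p != 53 for p in udp_ports(pkt))


def shown(filt):
    """Names of the sample packets a filter would leave on screen."""
    return [p["name"] for p in PACKETS if filt(p)]


if __name__ == "__main__":
    print("page filter :", shown(page_filter))
    print("any-ne form :", shown(any_ne_filter))
```

The any-match form leaves both DNS packets on screen, because one of their two ports is not 53, and it also hides the non-UDP STP frame, because the field has to exist for the comparison to match.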
For capture filter examples, which use a different syntax from the display filters shown above, see the Wireshark Wiki here (1).
-Cheers!
(1) http://wiki.wireshark.org/CaptureFilters