[opensuse] How to use filters in Wireshark 1.8.2
I have used Wireshark for several years and often used filtiers to limit what is caputered. However, I don't see how to get filters to work in Wireshark 1.8.2. In earlier versions, I'd select options and choose the filter there. With 1.8.2, there's a separate area for selecting filters, but it doesn't seem to work. The options panel no longer has a place to select filters. What am I missing here? tnx jk -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/10/12 18:52, James Knott wrote:
I have used Wireshark for several years and often used filtiers to limit what is caputered. However, I don't see how to get filters to work in Wireshark 1.8.2. In earlier versions, I'd select options and choose the filter there. With 1.8.2, there's a separate area for selecting filters, but it doesn't seem to work. The options panel no longer has a place to select filters.
What am I missing here?
tnx jk
Hi Choose an interface (e.g. first item on the icon bar) then click close. Type the filter you want alongside where it says Filter: (e.g. NFS) Click Apply (to the right of the filter box, where you have Expression Clear Apply Save) Start capture (e.g. third icon along on the icon bar) HTH L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
lynn wrote:
Choose an interface (e.g. first item on the icon bar) then click close. Type the filter you want alongside where it says Filter: (e.g. NFS) Click Apply (to the right of the filter box, where you have Expression Clear Apply Save) Start capture (e.g. third icon along on the icon bar)
Those are display filters, not capture. You should be able to select capture filters for the interface. With display filters, all the traffic is captured, but only selected displayed. With capture filters, only the selected is captured. If there's a lot of traffic, that makes a *BIG* difference. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sun, Oct 07, 2012 at 12:52:27PM -0400, James Knott wrote:
I have used Wireshark for several years and often used filtiers to limit what is caputered. However, I don't see how to get filters to work in Wireshark 1.8.2. In earlier versions, I'd select options and choose the filter there. With 1.8.2, there's a separate area for selecting filters, but it doesn't seem to work. The options panel no longer has a place to select filters.
Have you tried to double click on the interface in the 'Capture' titled section? By this you should get a window titled 'Edit Interface Settings'. There I had been able to define a 'Capture Filter:'. Cheers, Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team + SUSE Labs SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
Lars Müller wrote:
I have used Wireshark for several years and often used filtiers to limit what is caputered. However, I don't see how to get filters to work in Wireshark 1.8.2. In earlier versions, I'd select options and choose the filter there. With 1.8.2, there's a separate area for selecting filters, but it doesn't seem to work. The options panel no longer has a place to select filters. Have you tried to double click on the interface in the 'Capture' titled
On Sun, Oct 07, 2012 at 12:52:27PM -0400, James Knott wrote: section?
By this you should get a window titled 'Edit Interface Settings'. There I had been able to define a 'Capture Filter:'.
That works. That's been changed from previous versions, where clicking on there would take you directly to the capturing window, without any options. I used to click on Capture and then select the Options button for the desired interface. This means there are two different methods, depending on whether I'm running Wireshark on my desktop (openSUSE 12.2) or firewall (11.4) tnx -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
James Knott -
Lars Müller -
lynn