Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

I can set a display filter just fine; why don capture filters work?

capture display filter filters Fine
0
Posted

I can set a display filter just fine; why don capture filters work?

0 CommentsAdd a Comment

1 Answer

0

Capture filters currently use a different syntax than display filters. Here’s the corresponding section from the wireshark(1) man page: “Display filters in Wireshark are very powerful; more fields are filterable in Wireshark than in other protocol analyzers, and the syntax you can use to create your filters is richer. As Wireshark progresses, expect more and more protocol fields to be allowed in display filters. Packet capturing is performed with the pcap library. The capture filter syntax follows the rules of the pcap library. This syntax is different from the display filter syntax.” The capture filter syntax used by libpcap can be found in the tcpdump(8) man page.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123