multiple protocol filtering on Wireshark
10,469
How about this?
http or irc or dns
Author by
alfrego129
Updated on June 27, 2022Comments
-
alfrego129 over 1 year
I have problem filtering problem on Wireshark. Briefly, I would like to filter HTTP, IRC and DNS protocols at the same time on Wireshark.
Do you recommend and command about this on Wireshark?
Thank you.
Regards
-
alfrego129 about 6 yearsHi, I do not need ports I just wanna see general protocols and combine them, so I just one see all HTTP, IRC and DNS traffic on Wireshark and would like eliminate all the other traffic, how can I do it?
-
neuhaus about 6 years@alfrego129 Yes that's what this filter does. It will only match the three protocols you asked for. Have you tried it?
-
alfrego129 about 6 yearsyes I have tried and seen just eliminated TCP protocol traffic but my pcap includes HTTP, IRC and so on...
-
neuhaus about 6 yearsSo you do NOT want to see those protocols? Then invert the statement. Use "ne" instead of "eq" and "and" instead of "or". You should really learn to formulate the question properly so people don't have to guess what you are meaning.
-
alfrego129 about 6 yearsWhen I filter HTTP I see just HTTP traffic when I filter IRC I just see IRC traffic, so I just wanna combine both of them and DNS and wanna see 3 of them, when I try your command I see TCP traffic as well. Just wanna filter HTTP, IRC and DNS, do not wanna see the other traffic.
-
alfrego129 about 6 yearsSorry, filter means I just want to see these 3 protocols, not want to see the other protocols like TCP and so on.
-
alfrego129 about 6 yearsyes exactly this was the right answer, thank you very much Christopher.
-
TonyTheJet over 5 years@alfrego129 Please mark this as the correct answer, as the other answer is filtering by specific ports on a given protocol.