i upgraded to wirshark 1.8.0 , could not get a filter to work , syntex error in filter string . i upgraded to wireshark 1.8.2 , still the same problem . tried two filters filter name = IP address 192.168.0.1 filter string = host 192.168.0.1 filter name = test ip address filter string = ! ( ip.addr == 10.43.54.65 ) each has a error Invalid capture filter "test ip address" for interface Intel(R) 82579LM Gigabit Network Connection: \Device\NPF_{D9470C12-7560-4669-AA38-CC092A8EA807}! That string isn't a valid capture filter (syntax error). See the User's Guide for a description of the capture filter syntax. asked 19 Sep '12, 09:16 mwillenb edited 19 Sep '12, 10:08 cmaynard ♦♦ |
One Answer:
each has a error Invalid capture filter "test ip address" for interface Intel(R) 82579LM Gigabit Network Connection: \Device\NPF_{D9470C12-7560-4669-AA38-CC092A8EA807}! It appears that you are attempting to use the filter name instead of the filter string. But even if you had correctly used the filter string, it would have still failed in those cases because those are display filters, not capture filters. If you are adding capture filters, then they must be in proper capture filter syntax. A proper filter will cause the background of the filter string field to turn green. This document may help you with capture filter syntax, or refer to the pcap-filter man page. For IP display filter help, see the Wireshark Internet_protocol wiki page. Lastly, don't forget about the Wireshark user guide. answered 19 Sep '12, 10:07 cmaynard ♦♦ i got it working , but my complaint is still valid , then i duble click the interface , to get the " Edit Iterface Settings " screen and try to fill in the Capture Filter: by picking the filter , but i set the capture filter profile anf the edit interface setting back to default . then i add to the Filter field ip.addr == 216.69.108.117 and start the capture this set up works so i will do this for a capture filter . i will ignore the " Wireshark Capture Filter Profiler " and the " edit interface settings / capture filter field " (19 Sep '12, 11:38) mwillenb in the previous letter , i did use ip.addr == 216.69.108.117 the ip addr == 216.69.108.117 was a typo (19 Sep '12, 11:40) mwillenb " (19 Sep '12, 11:46) cmaynard ♦♦ |
i even used one of the sample filters that was loaded in the install filter name = IP address 192.168.0.1 filter string = host 192.168.0.1