This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello there,

Is there any possibilities to hide this ICMP? I just only to see syslog on my screen.

One more thing is there any fastest way to save this syslog? via text file, notepad, Ms word etc. Its urgent please do help.

Thank you.

asked 19 Jan '13, 06:25

FirstSystems's gravatar image

FirstSystems
11112
accept rate: 0%


And to capture only non-ICMP traffic, use the capture filter "not icmp".

To capture only syslog traffic, you'd have to base that on the port number.

For the traditional syslog-over-UDP, as described in RFC 5426, "udp port syslog" would work on most systems, and, on those that don't, "udp port 514" would work.

For syslog-over-TCP, as described in RFC 3195, "tcp port syslog-conn" would work, at least if it's using the standard port, on most systems, and, on those where it doesn't work, "tcp port 601" would work. Wireshark can dissect that, but you'd need to use "Decode As...".

For syslog-over-TLS, as described in RFC 5425, use "tcp port 6514", but I'm not sure Wireshark dissects that (even if you have the certificates necessary to decrypt it).

permanent link

answered 19 Jan '13, 16:36

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

To exclude ICMP traffic from the Wireshark display, apply the display filter "!icmp".

To show only syslog traffic, and hide all other traffic, use the display filter "syslog".

permanent link

answered 19 Jan '13, 14:10

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×74

question asked: 19 Jan '13, 06:25

question was seen: 23,002 times

last updated: 19 Jan '13, 16:36

p​o​w​e​r​e​d by O​S​Q​A