Is there any possibility to hide this ICMP? I just want to see syslog on my screen.
One more thing: what is the fastest way to save this syslog? Via a text file, Notepad, MS Word, etc.? It's urgent, please do help.
asked 19 Jan '13, 06:25
And to capture only non-ICMP traffic, use the capture filter "not icmp".
To capture only syslog traffic, you'd have to base that on the port number.
For the traditional syslog-over-UDP, as described in RFC 5426, "udp port syslog" would work on most systems, and, on those that don't, "udp port 514" would work.
For syslog-over-TCP, as described in RFC 3195, "tcp port syslog-conn" would work, at least if it's using the standard port, on most systems, and, on those where it doesn't work, "tcp port 601" would work. Wireshark can dissect that, but you'd need to use "Decode As...".
For syslog-over-TLS, as described in RFC 5425, use "tcp port 6514", but I'm not sure Wireshark dissects that (even if you have the certificates necessary to decrypt it).
answered 19 Jan '13, 16:36
Guy Harris ♦♦
To exclude ICMP traffic from the Wireshark display, apply the display filter "!icmp".
To show only syslog traffic, and hide all other traffic, use the display filter "syslog".
answered 19 Jan '13, 14:10
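To make the two answers concrete, here is an added example (not code from the Q&A above) that reads a pcap and applies the same selection as the capture filters "not icmp", "udp port 514" and "tcp port 601", and as the "syslog" display filter, then writes the selected syslog messages to a plain text file, which also answers the "how do I save it" part of the question. The capture it reads is constructed inline (four hand-built Ethernet/IPv4 frames with made-up addresses), so it runs offline; port numbers are the RFC values the answers cite.

```python
"""Minimal pcap reader that applies the same selection as the capture filters
"not icmp" / "udp port 514" / "tcp port 601" and the display filter "syslog",
then dumps the selected syslog payloads to a text file.  Added example, not
code from the Q&A; the packets below are constructed, not captured."""
import os
import struct
import tempfile

ETH_P_IP = 0x0800
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17
SYSLOG_UDP_PORT = 514        # RFC 5426, what "udp port syslog" resolves to
SYSLOG_CONN_TCP_PORT = 601   # RFC 3195, what "tcp port syslog-conn" resolves to


def _eth(ip_packet):
    # Ethernet II header with made-up MACs, EtherType IPv4.
    return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETH_P_IP) + ip_packet


def _ipv4(proto, payload):
    # IPv4 header without options; checksum left at zero (this offline parser does not verify it).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload


def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def _tcp(sport, dport, data):
    # 20-byte TCP header (data offset 5), PSH|ACK, no options.
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + data


def build_sample_pcap():
    """Constructed capture: one ICMP echo, one syslog/UDP, one syslog-conn/TCP, one DNS query."""
    frames = [
        _eth(_ipv4(IPPROTO_ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping")),
        _eth(_ipv4(IPPROTO_UDP, _udp(40000, SYSLOG_UDP_PORT,
                                     b"<34>Jan 19 06:25:01 host1 sshd[42]: Failed password for root"))),
        _eth(_ipv4(IPPROTO_TCP, _tcp(40001, SYSLOG_CONN_TCP_PORT,
                                     b"<13>Jan 19 06:25:02 host2 app: hello over syslog-conn"))),
        _eth(_ipv4(IPPROTO_UDP, _udp(40002, 53, b"\x12\x34\x01\x00"))),
    ]
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))  # LINKTYPE_ETHERNET
    for i, fr in enumerate(frames):
        out += struct.pack("<IIII", 1358576700 + i, 0, len(fr), len(fr)) + fr
    return bytes(out)


def dissect(frame):
    """Ethernet -> IPv4 -> UDP/TCP; returns protocol, ports and transport payload."""
    pkt = {"proto": None, "sport": None, "dport": None, "payload": b""}
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return pkt
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    pkt["proto"] = ip[9]
    l4 = ip[ihl:total_len]
    pkt["payload"] = l4
    if pkt["proto"] == IPPROTO_UDP:
        pkt["sport"], pkt["dport"], ulen = struct.unpack("!HHH", l4[:6])
        pkt["payload"] = l4[8:ulen]
    elif pkt["proto"] == IPPROTO_TCP:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]
    return pkt


def parse_pcap(data):
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("this example only handles Ethernet captures")
    pkts, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        pkts.append(dissect(data[off:off + incl_len]))
        off += incl_len
    return pkts


# The filters from the answers.  Like BPF "port N", they match either direction.
def filt_not_icmp(p):
    return p["proto"] != IPPROTO_ICMP


def filt_udp_port_syslog(p):
    return p["proto"] == IPPROTO_UDP and SYSLOG_UDP_PORT in (p["sport"], p["dport"])


def filt_tcp_port_syslog_conn(p):
    return p["proto"] == IPPROTO_TCP and SYSLOG_CONN_TCP_PORT in (p["sport"], p["dport"])


def syslog_messages(pkts):
    """What the "syslog" display filter shows by default: the UDP/514 payloads, as text."""
    return [p["payload"].decode("utf-8", "replace") for p in pkts if filt_udp_port_syslog(p)]


def save_syslog(pcap_bytes, out_path):
    """Write one syslog message per line to a plain text file; returns the messages written."""
    msgs = syslog_messages(parse_pcap(pcap_bytes))
    with open(out_path, "w", encoding="utf-8") as f:
        f.write("".join(m + "\n" for m in msgs))
    return msgs


def demo():
    """Run everything on the constructed capture; returns the text file's content."""
    path = os.path.join(tempfile.mkdtemp(), "syslog.txt")
    save_syslog(build_sample_pcap(), path)
    with open(path, encoding="utf-8") as f:
        return f.read()


if __name__ == "__main__":
    print(demo(), end="")
```

On a live interface the equivalent with tshark is a capture filter plus a display filter, writing the message field straight to a text file: `tshark -i eth0 -f "udp port 514" -Y syslog -T fields -e syslog.msg > syslog.txt` (the interface name is an assumption); `-w capture.pcap` instead keeps the packets for later. In the Wireshark GUI, after applying the "syslog" display filter, File > Export Packet Dissections > As Plain Text saves the displayed packets. Note that the syslog-conn payload on TCP/601 is deliberately not in the text file: as the first answer says, Wireshark needs "Decode As..." for it, and this example only mirrors the default "syslog" filter.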