This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I want to hide ICMP

0

Hello there,

Is there any possibility to hide this ICMP? I only want to see syslog on my screen.

One more thing: is there any fast way to save this syslog, via text file, Notepad, MS Word, etc.? It's urgent, please do help.

Thank you.

asked 19 Jan '13, 06:25

FirstSystems
accept rate: 0%


2 Answers:

1

And to capture only non-ICMP traffic, use the capture filter "not icmp".

To capture only syslog traffic, you'd have to base that on the port number.

For the traditional syslog-over-UDP, as described in RFC 5426, "udp port syslog" would work on most systems, and, on those that don't, "udp port 514" would work.

For syslog-over-TCP, as described in RFC 3195, "tcp port syslog-conn" would work, at least if it's using the standard port, on most systems, and, on those where it doesn't work, "tcp port 601" would work. Wireshark can dissect that, but you'd need to use "Decode As...".

For syslog-over-TLS, as described in RFC 5425, use "tcp port 6514", but I'm not sure Wireshark dissects that (even if you have the certificates necessary to decrypt it).

answered 19 Jan '13, 16:36

Guy Harris ♦♦
accept rate: 19%
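Added example, not part of the original answer and not Wireshark or libpcap code: a Python illustration of how the port-based capture filters in the answer above sort raw IPv4 packets, including two things the filter strings do not make obvious (a port filter matches source or destination, and it cannot match non-first IP fragments). The helper names `classify`, `build_ipv4` and `udp_syslog_text` and all sample packets are constructed for this example.

```python
import struct

# Ports from the answer above: UDP 514 (RFC 5426), TCP 601 (RFC 3195), TCP 6514 (RFC 5425).
SYSLOG_PORTS = {(17, 514): "syslog/udp", (6, 601): "syslog-conn/tcp", (6, 6514): "syslog-tls/tcp"}

def classify(pkt: bytes):
    """Return (label, payload) for a raw IPv4 packet, judged the way the filters judge it."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other", b""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == 1:                        # what "not icmp" drops
        return "icmp", b""
    min_l4 = {6: 20, 17: 8}.get(proto)    # minimum TCP / UDP header length
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Port filters only see the first fragment, where the TCP/UDP header lives.
    if min_l4 is None or frag_offset or len(pkt) < ihl + min_l4:
        return "other", b""
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    l4_len = 8 if proto == 17 else (pkt[ihl + 12] >> 4) * 4
    for port in (sport, dport):           # "port N" matches source or destination
        if (proto, port) in SYSLOG_PORTS:
            return SYSLOG_PORTS[(proto, port)], pkt[ihl + l4_len:]
    return "other", b""

def build_ipv4(proto, sport, dport, payload=b""):
    """Build a constructed sample packet (checksums left at zero, never validated here)."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    elif proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + l4

# Constructed traffic: one ICMP echo, the three syslog transports, and unrelated UDP.
SAMPLE = [
    build_ipv4(1, 0, 0, b"\x08\x00\x00\x00\x00\x01\x00\x01"),
    build_ipv4(17, 40000, 514, b"<34>Jan 19 06:25:00 host1 su: constructed sample"),
    build_ipv4(6, 40001, 601, b"constructed syslog-conn data"),
    build_ipv4(6, 40002, 6514, b"\x16\x03\x01"),
    build_ipv4(17, 40003, 53, b"constructed non-syslog data"),
]

def udp_syslog_text(packets):
    """Decode payloads of UDP/514 packets only: selection is by port, not by content."""
    return [p.decode("utf-8", "replace") for label, p in map(classify, packets) if label == "syslog/udp"]

if __name__ == "__main__":
    print("\n".join(udp_syslog_text(SAMPLE)))
```

Because the selection is by port alone, syslog sent on a non-standard port is missed and non-syslog traffic on these ports is included.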

0

To exclude ICMP traffic from the Wireshark display, apply the display filter "!icmp".

To show only syslog traffic, and hide all other traffic, use the display filter "syslog".

answered 19 Jan '13, 14:10

Jim Aragon
accept rate: 24%