I've used the following to filter by field value - udp port 8003 and udp[10] = 200; udp port 8002 and udp[8:4] = 1049. I recently attempted these with a newer version of Wireshark and they were disallowed. Can you help me update these? asked 30 Dec '13, 08:22 mmaloney |
One Answer:
Are you entering them as capture filters or as display filters? Wireshark 1.10.5 accepts both of these as legitimate capture filters. answered 30 Dec '13, 09:14 Jim Aragon |