This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What are the display filters for the following situations?

a) HTTP that includes the text “Malware.exe” in the GET message

b) Traffic on port 80 that is not going to the webserver (webserver IP is 1.2.3.4)

c) Any IP message that includes your name as part of a plain text message.

pahert homework display-filter

asked 05 Mar '14, 20:57

mehrumj
11●1●1●2
accept rate: 0%

edited 09 Mar '14, 11:45

Kurt Knochner ♦
24.8k●10●39●237

Dear Himanshu,

thank you for your interest in this site. Your questions sound suspicious like typical homework questions. However, this site is a Wireshark Q&A site, not the EHAS (emergency homework answering site).

we (I) will

help you to understand Wireshark
help you to understand certain aspects of protocols
give you hints how to solve your problem
be patient while you keep asking things

I (probably also we) will not (I say n-o-t)

give you the full answer to your homework questions, especially as you did not even care to politely ask for help and instead just posted the homework questions without any comment. Please read the FAQ!

So, if you are truly interested solve your homework with our help, you are welcome to

continue to ask questions, by adding comments to your initial question (see the FAQ).
tell us what you tried to solve your homework so far
tell us which problems you are facing
tell us where you need further help

Regards
Kurt

(09 Mar '14, 03:47) Kurt Knochner ♦

Aye. PAHERT ("Packet Analysis Homework Emergency Response Team") out. Oh wait, we're NOT the PAHERT. Right. :-)

(09 Mar '14, 07:52) Jasper ♦♦

pahert.com is still available. Hurry up ;-))

(09 Mar '14, 09:19) Kurt Knochner ♦

Here is a starting point (the Wireshark user guide): http://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html

Consider that a supplement to the homework assignment. :)

(09 Mar '14, 12:57) Quadratic