This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

problem in creating wireshark filtering formula

0

I am stuck at creating wireshark filter to remove all these from showing up.

The current filter that I have is below, and i no idea how to further enhance it.

http.request.method == "POST" || http.request.method == "PUT" || http.request.method == "GET"

How to filter out these?

  a. TCP Retransmission  
  b. TCP Spurious Retransmission  
  c. TCP Out-of-Order  
  d. with content ending IGD.xml  
  e. GET / HTTP/1.0 without query string url.

Photo attached.

alt text

asked 15 Feb '15, 23:35

packetguy's gravatar image

packetguy
11113
accept rate: 0%

edited 16 Feb '15, 06:08

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237

One Answer:

1

Please try this:

http.request and not (tcp.analysis.flags or http contains "GET / HTTP/1" or http contains "IGD.xml HTTP/1")

http.request (without method) because you listed the most common requests anyway.

Regards
Kurt

answered 16 Feb '15, 06:08

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%