problem in creating wireshark filtering formula

I am stuck at creating wireshark filter to remove all these from showing up.

The current filter that I have is below, and i no idea how to further enhance it.

http.request.method == "POST" || http.request.method == "PUT" || http.request.method == "GET"

How to filter out these?

  a. TCP Retransmission  
  b. TCP Spurious Retransmission  
  c. TCP Out-of-Order  
  d. with content ending IGD.xml  
  e. GET / HTTP/1.0 without query string url.

Photo attached.

alt text

filter capture wireshark

asked 15 Feb '15, 23:35

packetguy
11●1●1●3
accept rate: 0%

edited 16 Feb '15, 06:08

Kurt Knochner ♦
24.8k●10●39●237

One Answer:

active answers oldest answers newest answers popular answers

Please try this:

http.request and not (tcp.analysis.flags or http contains "GET / HTTP/1" or http contains "IGD.xml HTTP/1")

http.request (without method) because you listed the most common requests anyway.

Regards
Kurt

permanent link

answered 16 Feb '15, 06:08

Kurt Knochner ♦
24.8k●10●39●237
accept rate: 15%

Your answer

toggle preview

community wiki:

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

wireshark ×1,620
capture ×549
filter ×349

question asked: 15 Feb '15, 23:35

question was seen: 1,253 times

last updated: 16 Feb '15, 06:08

problem in creating wireshark filtering formula

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions