Basically what I want is to stop displaying packets from a host if I have earlier received a packet from it. This will not only decrease the size of output but also make analyzing packets much more convenient. Is there a way to do this ? asked 19 Jun '15, 05:17  Backspace |
One Answer:
Both capture filters and display filters are stateless, so they can't remember that a packet has been seen from a given host and either discard or filter out subsequent packets from the host. There's no other mechanism I know of in Wireshark to do what you want. answered 19 Jun '15, 17:34  Guy Harris ♦♦ |
So I assume you need a display filter which excludes the host from displaying. Have you tried a filter like this: