Filter Syntax

The filter syntax is the same as that used by tcpdump and libpcap. For examples, see https://wiki.wireshark.org/CaptureFilters.

These filters are also known as BPF filters. Some examples:

  • (tcp port 5060)
  • ((udp or tcp) and port 5060)
  • (vlan and (udp or tcp) and port 5060)
  • (tcp portrange 5060-5070)
  • (not port 5060)
  • (host 10.10.0.5 and port 5060)
  • (not host 10.10.0.5 and port 5060)
  • (not ether dst 12:34:56:78:90:ab)

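Entries with a vlan keyword must be included for networks using VLANs. It is harmless to include them on networks which don't use VLANs, but do make sure there is a separate identical filter without the vlan keyword. For example, (tcp port 5060) or (vlan and tcp port 5060). Keep the clause without vlan first, as in this example: in libpcap the first vlan keyword changes the decoding offsets for the remainder of the expression.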
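
Why both clauses are needed, as an added Python example (not part of the original page): an 802.1Q tag inserts 4 bytes after the MAC addresses, so a fixed-offset match for `tcp port 5060` reads the wrong bytes on tagged frames. This is a simplified model (IPv4 only, fragments ignored) run over constructed frames; `build_frame`, `tcp_port` and `combined` are hypothetical helper names.

```python
import struct

ETH_IPV4, ETH_8021Q, PROTO_TCP = 0x0800, 0x8100, 6

def build_frame(sport, dport, vlan_id=None):
    """Constructed sample: Ethernet + IPv4 + TCP headers, optionally 802.1Q tagged."""
    eth = bytes(12)                                  # dst MAC + src MAC (zeros)
    if vlan_id is not None:
        eth += struct.pack("!HH", ETH_8021Q, vlan_id & 0x0FFF)
    eth += struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, PROTO_TCP, 0,
                     bytes([10, 10, 0, 5]), bytes([10, 10, 0, 9]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def tcp_port(frame, port, vlan=False):
    """Model `tcp port N`; with vlan=True, model `vlan and tcp port N`."""
    shift = 0
    if len(frame) < 14:
        return False
    if vlan:
        # The vlan keyword requires the 802.1Q ethertype at offset 12 and
        # moves every later field 4 bytes further into the frame.
        if struct.unpack_from("!H", frame, 12)[0] != ETH_8021Q:
            return False
        shift = 4
    ip = 14 + shift
    if len(frame) < ip + 20:
        return False
    if struct.unpack_from("!H", frame, 12 + shift)[0] != ETH_IPV4:
        return False
    if frame[ip + 9] != PROTO_TCP:
        return False
    l4 = ip + (frame[ip] & 0x0F) * 4                 # skip the IPv4 header
    if len(frame) < l4 + 4:
        return False
    sport, dport = struct.unpack_from("!HH", frame, l4)
    return port in (sport, dport)

def combined(frame, port):
    """Model `(tcp port N) or (vlan and tcp port N)`."""
    return tcp_port(frame, port) or tcp_port(frame, port, vlan=True)

if __name__ == "__main__":
    for name, f in (("untagged", build_frame(40000, 5060)),
                    ("vlan 100", build_frame(40000, 5060, vlan_id=100))):
        print(name, tcp_port(f, 5060), tcp_port(f, 5060, vlan=True), combined(f, 5060))
```

The plain clause matches only the untagged frame and the vlan clause only the tagged one, so a capture that uses just one of them silently drops the other kind of traffic.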