Is that the expression ip.addr != 1.2.3.4 must be read as "the packetĬontains a field named ip.addr with a value different from 1.2.3.4".Īs an IP datagram contains both a source and a destination address, Source or destination IP address equals 1.2.3.4. Instead, that expression will even be true for packets where either
Then they use ip.addr != 1.2.3.4 to see all packets not containing the Often people use a filter string to display something like ip.addr =ġ.2.3.4 which will display all packets containing the IP address 1.2.3.4. Ip.addr, tcp.port, udp.port and alike will probably not work as Warning! Using the != operator on combined expressions like: eth.addr, The use of the NOT (!=) operator in Wireshark comes with a caveat, as mentioned in the
0 kommentar(er)
