I use Wireshark to watch a captured pcap file. I see a lot of communication on a specific port that I am not interested in, so I want to filter it to see only the rest of the communication.
I used this filter rule:
tcp.dstport != 1337 and tcp.srcport != 1337
to remove all TCP communication on port 1337. But it seems this rule also removes all non-TCP traffic. For example, DNS requests are not shown anymore.
If I change the filter to
(tcp.dstport != 1337 and tcp.srcport != 1337) or ! tcp
it shows all traffic except port 1337/tcp, but it does not seem to be the "correct" way to do it. Is using tcp.dstport or tcp.srcport equal to filtering only TCP traffic and then filtering the port?
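
The behaviour described in the question, as an added example that is not part of the original post: a simplified Python model of display-filter field semantics, where a comparison on a field can only be true for a packet that contains that field. The packet dictionaries, helper names and the third filter form are constructed for illustration; this is not Wireshark's code.

```python
# Simplified model of display-filter field semantics (not Wireshark's code).
# Each constructed packet is a dict of the fields its dissected layers provide.
PACKETS = [
    {"name": "tcp-to-1337", "tcp.srcport": 50000, "tcp.dstport": 1337},
    {"name": "tcp-from-1337", "tcp.srcport": 1337, "tcp.dstport": 50000},
    {"name": "tcp-https", "tcp.srcport": 50001, "tcp.dstport": 443},
    {"name": "udp-dns", "udp.srcport": 50002, "udp.dstport": 53},
]


def ne(pkt, field, value):
    """field != value: requires the field to exist, so False when absent."""
    return field in pkt and pkt[field] != value


def eq(pkt, field, value):
    """field == value: also False when the field is absent."""
    return field in pkt and pkt[field] == value


def has_tcp(pkt):
    """Models the bare protocol test 'tcp' (packet has a TCP layer)."""
    return any(key.startswith("tcp.") for key in pkt)


def original_filter(pkt):
    # tcp.dstport != 1337 and tcp.srcport != 1337
    return ne(pkt, "tcp.dstport", 1337) and ne(pkt, "tcp.srcport", 1337)


def workaround_filter(pkt):
    # (tcp.dstport != 1337 and tcp.srcport != 1337) or ! tcp
    return original_filter(pkt) or not has_tcp(pkt)


def negated_match_filter(pkt):
    # !(tcp.dstport == 1337 or tcp.srcport == 1337)
    # Negating a positive match also keeps packets that lack the field.
    return not (eq(pkt, "tcp.dstport", 1337) or eq(pkt, "tcp.srcport", 1337))


def shown(display_filter):
    """Names of the constructed packets the given filter would display."""
    return [p["name"] for p in PACKETS if display_filter(p)]


if __name__ == "__main__":
    for flt in (original_filter, workaround_filter, negated_match_filter):
        print(f"{flt.__name__:22} -> {shown(flt)}")
```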