Revision history  [back]

Hello,

I'm trying to get an understanding of what is actually being applied to the filter when using quick terms such as tcp.

E.g. if I filter "tcp", is it actually filtering ip.proto==0x06?

I am getting different packet counts for each of these filters and I would like to know if there is a document that contains this type of information for these quick reference type of filters.

Thank you for your help.

Edit: Another example is something like ipv6 vs ip.version==6

Edit 2: I wanted to mention that I am looking for a resource or tool that would help me dissect a display filter. I've used dumpcap -d -f <display filter>, but not exactly what I'm looking for.

Hello,

I'm trying to get an understanding of what is actually being applied to the filter when using quick terms such as tcp.

E.g. if I filter "tcp", is it actually filtering ip.proto==0x06?

I am getting different packet counts for each of these filters and I would like to know if there is a document that contains this type of information for these quick reference type of filters.

Thank you for your help.

Edit: Another example is something like ipv6 vs ip.version==6

Hello,

I'm trying to get an understanding of what is actually being applied to the filter when using quick terms such as tcp.

E.g. if I filter "tcp", is it actually filtering ip.proto==0x06?

I am getting different packet counts for each of these filters and I would like to know if there is a document that contains this type of information for these quick reference type of filters.

Thank you for your help.