Score:1

Wireshark != doesn't work like it did before version 3.6

I use the filter ip.addr != 10.0.0.0/8 && !(ip.addr == 224.0.0.0/3) to identify any traffic between our network and the outside (and also exclude class-D address space). This filter no longer works.

It does work if I write it as ip && (!(ip.src == 10.0.0.0/8) || !(ip.dst == 10.0.0.0/8)) && !(ip.addr == 224.0.0.0/3) but I need to add ip and explicitly consider both the source and destination.

Score:3

ip.addr is a multi-value field and is equivalent to ip.src || ip.dst

Prior to version 3.6, ip.addr != 10.0.0.0/8 would be interpreted as (ip.src != 10.0.0.0/8 || ip.dst != 10.0.0.0/8).

Version 3.6 renamed the != to ~= and changed the meaning of != to now mean !(field == value). This means that ip.addr != 10.0.0.0/8 now becomes !(ip.addr == 10.0.0.0/8).

This change effectively changes the logic from an OR to AND: !(ip.src == 10.0.0.0/8) && !(ip.dst == 10.0.0.0/8) [boolean logic: !(A+B) = !A*!B ]

Use ~= instead of != for version 3.6 or newer.
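
The change described in the answer above, modelled in Python as an added example (not part of the original posts). The helper names and sample addresses are constructed, and the operator semantics are the ones the answer states rather than Wireshark's own code.

```python
import ipaddress

def in_net(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def eq_any(values, cidr):
    """field == cidr: true if ANY value of the multi-value field matches."""
    return any(in_net(v, cidr) for v in values)

def ne_any(values, cidr):
    """'!=' before 3.6: true if ANY value of the field does not match."""
    return any(not in_net(v, cidr) for v in values)

def ne_all(values, cidr):
    """'!=' from 3.6 on: !(field == cidr), so true only if NO value matches."""
    return not eq_any(values, cidr)

def original_filter(pkt, ne):
    # ip.addr != 10.0.0.0/8 && !(ip.addr == 224.0.0.0/3)
    addrs = [pkt["src"], pkt["dst"]]  # ip.addr carries both ip.src and ip.dst
    return ne(addrs, "10.0.0.0/8") and not eq_any(addrs, "224.0.0.0/3")

def rewritten_filter(pkt):
    # (!(ip.src == 10.0.0.0/8) || !(ip.dst == 10.0.0.0/8)) && !(ip.addr == 224.0.0.0/3)
    # Every sample packet below is IPv4, so the leading "ip &&" is always true here.
    outside = (not in_net(pkt["src"], "10.0.0.0/8")) or (not in_net(pkt["dst"], "10.0.0.0/8"))
    return outside and not eq_any([pkt["src"], pkt["dst"]], "224.0.0.0/3")

# Constructed sample packets (documentation address ranges for the external hosts).
PACKETS = {
    "internal_to_internal":  {"src": "10.1.1.5",     "dst": "10.2.2.9"},
    "internal_to_external":  {"src": "10.1.1.5",     "dst": "203.0.113.7"},
    "external_to_external":  {"src": "198.51.100.4", "dst": "203.0.113.7"},
    "internal_to_multicast": {"src": "10.1.1.5",     "dst": "224.0.0.251"},
}

def classify(ne):
    """Which sample packets the original filter displays under a given '!=' meaning."""
    return {name: original_filter(p, ne) for name, p in PACKETS.items()}

if __name__ == "__main__":
    old, new = classify(ne_any), classify(ne_all)
    for name in PACKETS:
        print(f"{name:22} pre-3.6={old[name]!s:5} 3.6+={new[name]!s:5} "
              f"rewritten={rewritten_filter(PACKETS[name])}")
```

Under the 3.6 meaning the internal-to-external packet is no longer displayed, which is exactly the traffic the original filter was written to show.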
