 += Notes, Tips & Tricks: WireShark
 +This is a notes page, extended with tips & tricks. This page is not really documentation,​ just stuff for me to remember. Sometimes things will get removed from these pages and turned into real documentation,​ sometimes not. You might find these notes to come in hand, maybe not. For me, it's just things I don't want to forget.
 +== Trace in Linux ==
 +tcpdump -w /​tmp/​tracefile
 +You can end the trace using <​ctrl>​ + c, after which you can open the file using wireshark.
 +== Display Filters ==
 +* Only IP-address
 +** ip.addr ==
 +* Everything except IP-address
 +** !(ip.addr == ​
 +* Everything except DNS and NTP
 +** !(udp.port == 53) and !(udp.port == 123)
 +{{tag>​notes network tools}}
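Review bot: the two IP-address entries under "Display Filters" are incomplete as written: `ip.addr ==` has no address after the operator, and `!(ip.addr ==` has no address and never closes its parenthesis, so Wireshark will reject both if pasted in. Suggest putting a clearly marked placeholder address in both (for example a documentation address such as 192.0.2.10) and closing the parenthesis on the second one. Under "Trace in Linux", `tcpdump -w /tmp/tracefile` names no interface, which leaves the choice to tcpdump's default; adding `-i` with the intended interface would make the note reproducible on multi-homed hosts. Minor wording: "come in hand" in the intro should read "come in handy", and the page title spells the tool "WireShark" while the body uses "wireshark".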
