Page 1 of 1

How to creat filters with filter bar ?

Posted: Sat Apr 23, 2011 4:01 am
by cara
I have a question about how to creat filters with filter bar ? there is no related instructions for filter expressions in the help file.I need to know the detail rules of expression,where can I get it?

RE: How to creat filters with filter bar ?

Posted: Sun Apr 24, 2011 9:17 am
by DigiAngel
I completely agree...to be honest OmniPeek's filtering leaves much to be desired compared to say WireShark. Even copying and pasting OmniPeek's example from the manual doesn't work:

addr(ethernet:'3com:*.*.*')

Gives me:

Syntax error: Unable to parse address "3com:*.*.*"

Pretty lame considering that this is straight out of the manual.

RE: RE: How to creat filters with filter bar ?

Posted: Mon Apr 25, 2011 8:13 am
by DJWP
Information on the Filter Bar syntax can indeed be found on page 105 of the OmniPeek Users Guide which is installed with OmniPeek. It is a proprietary syntax.

Re: How to creat filters with filter bar ?

Posted: Thu Jun 26, 2014 1:19 pm
by mharing
addr(ethernet:'*.*.*.*.*.*')

where * represents either a variable or a peice of the MAC address. For example:

addr(ethernet:'*.*.*.*.*.5A')

This would be used to filter the MAC address ending in 5A.