In Wireshark version 1.12.4, I am trying to filter out packet messages with an SSDP protocol. When I clicked the Expression button next to the Filter field, and selected "HTTP" (as Field Name) and "is present" (as Relation), I still get SSDP. Most of the messages are SSDP, so it's difficult to troubleshoot request and response packets I care about with SSDP in the list.
How to the SSDP protocol be filtered out of Wireshark view
filterssdpwireshark
Best Answer
SSDP is implemented as a protocol that runs on top of HTTP-over-UDP, so the filter "http" will match SSDP packets. The filter "http and not udp" should eliminate SSDP packets; it will also, obviously, eliminate other HTTP-over-UDP packets, but I'm not sure there will ever be any HTTP-over-UDP packets that aren't SSDP packets.