Wireshark-users: Re: [Wireshark-users] Colorize Conversation - except for SYN/FIN
From: Prigge Scott <PriggeScottM@xxxxxxxxxxxxx>
Date: Fri, 16 Dec 2011 10:26:57 -0600
> Due to certain fields like ip.addr, in general it is not advisable to use
> expressions of the form, "(field != value)".  Rather, using an expression of
> the form, "!(field == value)", is preferred to avoid any unintended consequences,
> and that is the reason the coloring rule is yellow instead of green.

This is my new filter after having read your feedback - this one is green.
tcp.stream eq 7 && (!(tcp.flags & 0x02) || (!(tcp.flags.fin == 1)))

Thanks for the reference!
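
An added example, not part of the original thread and not Wireshark code: a small Python model of the any-occurrence matching the quoted advice refers to, showing why `ip.addr != value` and `!(ip.addr == value)` select different packets, and which flag combinations the filter in the reply selects. The packet dictionaries, addresses and helper names are constructed for illustration.

```python
# Added example: a constructed model, not Wireshark's implementation.
# A packet maps each field name to the list of values it occurs with;
# ip.addr occurs twice per packet (source and destination).
SYN, FIN = 0x02, 0x01

def any_eq(pkt, field, value):
    """field == value: true when ANY occurrence equals value."""
    return any(v == value for v in pkt.get(field, []))

def any_ne(pkt, field, value):
    """field != value evaluated per occurrence: ANY occurrence differs."""
    return any(v != value for v in pkt.get(field, []))

def not_eq(pkt, field, value):
    """!(field == value): true only when NO occurrence equals value."""
    return not any_eq(pkt, field, value)

def reply_filter(pkt, stream=7):
    """tcp.stream eq 7 && (!(tcp.flags & 0x02) || (!(tcp.flags.fin == 1)))"""
    flags = pkt["tcp.flags"][0]
    return any_eq(pkt, "tcp.stream", stream) and (
        not (flags & SYN) or not (flags & FIN))

def make_pkt(src, dst, stream, flags):
    """Build one constructed packet record (hypothetical helper)."""
    return {"ip.addr": [src, dst], "tcp.stream": [stream], "tcp.flags": [flags]}

# Constructed sample packets using documentation address ranges.
PACKETS = {
    "syn":     make_pkt("192.0.2.10", "198.51.100.5", 7, 0x02),
    "ack":     make_pkt("198.51.100.5", "192.0.2.10", 7, 0x10),
    "fin_ack": make_pkt("192.0.2.10", "198.51.100.5", 7, 0x11),
    "syn_fin": make_pkt("192.0.2.10", "198.51.100.5", 7, 0x03),
    "other":   make_pkt("203.0.113.9", "198.51.100.5", 8, 0x10),
}

if __name__ == "__main__":
    host = "192.0.2.10"
    for name, pkt in PACKETS.items():
        print(f"{name:8} != : {any_ne(pkt, 'ip.addr', host)!s:5} "
              f"!(==): {not_eq(pkt, 'ip.addr', host)!s:5} "
              f"reply filter: {reply_filter(pkt)}")
```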