tcpdump mailing list archives
Convert Wireshark Filterstring to winpcap filter
From: <peter.kindl () orf at>
Date: Thu, 8 Oct 2009 12:59:32 +0200
Hi! I've two questions:

1.) I urgently need help/advice on how the following filter string has to be set as a WinPcap filter string. I can't find any working string for the protocols. "eth src 00:0e:0C:76:86:5e" is working. Thanks for any reply and help.

My filter in Wireshark:

((eth.src == 00:0e:0c:76:86:5e)&&!(frame.protocols=="eth:llc"))&&!(frame.protocols="eth:ans")

2.) Could someone tell me how to reassemble NetBIOS Datagrams protocol:DCERPC? How do Wireshark and co. know the number of frames, total size....

Once more, thanks for any help and reply!!!!!!

P.S.: If someone needs WinPcap in REALbasic....I've been working on it for 2 years ;-)

- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.