UDP port range in Tshark

[Boaz Galil <boaz20 () gmail com>]

Hi Experts,


I want to run Tshark command that will capture packets according to port
range.

When I am using the filter " -f "host x.x.x.x  and  ((tcp [2:2] >= 20 and
tcp [2:2] <= 80) or (tcp [0:2] >= 20 and  tcp [0:2] <= 80))" I am capturing
the TCP packets with no problems.



The problem is  when I want to use the same command for UDP e.g : “" -f
"host x.x.x.x  and  ((udp [2:2] >= 20 and udp [2:2] <= 80) or (udp [0:2] >=
20 and  udp [0:2] <= 80))" I am not getting any error but I am also not
getting any results inside the packet capture file.


-- 
Boaz.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe