Wireshark mailing list archives
Re: pcap / winpcap filters
From: "marco\@marcomp\.it" <marco () marcomp it>
Date: Thu, 29 Apr 2010 14:49:17 +0200
Hi, yes, that's what I did in the past but if I use this filter string I can only get the packet that lookup on my ethernet interface .... while I need to see all the packets that are not send to / comes from my eth interface subnet . I did a port mirroring on a Layer3 switch so on the mirroring port I can see all the packets of some subnet and they will necessary not match my eth interface subnet .....Thanks ! Marco Da: wireshark-users-bounces () wireshark org A: "Community support list for Wireshark" wireshark-users () wireshark org Cc: Data: Thu, 29 Apr 2010 14:09:46 +0200 Oggetto: Re: [Wireshark-users] pcap / winpcap filters
Hi, Would that be a capture filter like: 'port 53 or port 5060' Thanks, Jaap On Thu, 29 Apr 2010 11:39:17 +0200, "marco\@marcomp\.it" wrote:I need to filter some traffic (before capturing it) using the pcap / winpcap filter but this traffic comes from some different subnet ( different from my eth interface subnet ). So if I apply a filter the pcap show me the packet that can lookup on my eth interface only ... How can I get the filtered traffic that comes from "everywhere" (0.0.0.0/0) ? I need to filter the data traffic before sending it to whiresharkbecauseI only need to check the DNS and SIP traffic for a long time ( may beformore than 1 week )... so I don't want to store Gbyte and Gbyte of not helpful data on my pc..... Have you any suggestion ? Marcosubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- pcap / winpcap filters marco () marcomp it (Apr 29)
- Re: pcap / winpcap filters Jaap Keuter (Apr 29)
- <Possible follow-ups>
- Re: pcap / winpcap filters marco () marcomp it (Apr 29)
- Re: pcap / winpcap filters RUOFF, LARS (LARS)** CTR ** (Apr 29)
- Re: pcap / winpcap filters marco () marcomp it (Apr 29)
- Re: pcap / winpcap filters Sake Blok (Apr 29)
- Re: pcap / winpcap filters marco () marcomp it (Apr 29)
- Re: pcap / winpcap filters Maynard, Chris (Apr 29)
- Re: pcap / winpcap filters Sake Blok (Apr 29)
- Re: pcap / winpcap filters marco () marcomp it (Apr 30)
- Re: pcap / winpcap filters Sake Blok (Apr 30)