Wireshark mailing list archives
Re: src host capture filter not working
From: "Jeff Liegel" <jliegel () italkglobal com>
Date: Wed, 13 Jan 2010 09:05:45 -0600
That worked, thanks so much. -----Original Message----- From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Guy Harris Sent: Tuesday, January 12, 2010 10:32 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] src host capture filter not working Importance: High On Jan 12, 2010, at 2:35 PM, Jeff Liegel wrote:
Hi. I desperately need to see packets coming from OR going to ip
207.35.208.194 using capture filter
Works fine with display filter only but this is a really busy network
and I need to ultimately save the capture to a file thus need a capture
filter.
The Wireshark display filter code, for the filter "ip.dst ==
207.35.208.194 or ip.src == 207.35.208.194", looks for IP addresses
wherever they appear in the packet.
The libpcap/WinPcap capture filter code, for the filter "host
207.35.208.194", generates BPF code that looks for IP addresses under
the assumption that there are no VLAN headers. The packets not being
seen have VLAN headers.
The filter
host 207.35.208.194 or (vlan and host 207.35.208.194)
(you will need to quote that if you put it on the command line) sees all
the packets in the file; it will check for IP addresses with no VLAN
headers or with one level of VLAN header.
________________________________________________________________________
___
Sent via: Wireshark-users mailing list
<wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: src host capture filter not working Jeff Liegel (Jan 12)
- Re: src host capture filter not working Forthofer Russ (Jan 12)
- Re: src host capture filter not working Jeff Liegel (Jan 12)
- Re: src host capture filter not working Jeff Liegel (Jan 12)
- Re: src host capture filter not working Jeff Liegel (Jan 12)
- Re: src host capture filter not working Guy Harris (Jan 12)
- Re: src host capture filter not working Jeff Liegel (Jan 13)
- Re: src host capture filter not working Jeff Liegel (Jan 13)
- Re: src host capture filter not working Sake Blok (Jan 13)
- <Possible follow-ups>
- src host capture filter not working Jeff Liegel (Jan 13)
- Re: src host capture filter not working Forthofer Russ (Jan 12)