Re: Wireshark Capture Filter Using Offset

["j.snelders" <j.snelders () telfort nl>]

I think  the capture filter should be (but can't test it right now):
dns[2:2]==0x2800

http://wiki.wireshark.org/CaptureFilters
http://procana.homeunix.com/#BON

My best
Joke

On Mon, 19 Jul 2010 17:27:09 -0400 George E Burns wrote:
> Hello,
>
> I have a question regarding "capture" filters.  Specifically, I need to

> write a low level filter that will capture dynamic DNS update packets 
> containing the opcode value of 0x05.  I know what the offset value is 
> (0x2C and 0x2D) in the payload, but apparently I am missing something when
>
> trying to understand the correct "tcp dump" syntax to use as part of the
>
> capture filter in Wireshark. 
>
> Capture Filter:         udp[2c] == 28 and udp[2d] == 00
>
>
> Any input is greatly appreciated!
>
>
> Thanks,
> geburns
> --------------------------------------------------
> This e-mail contains information which may be privileged, confidential,
proprietary,
> trade secret and/or otherwise legally protected. If you are not the intended
> recipient, please do not distribute this e-mail. Instead, please delete
this
> e-mail from your system, and notify us that you received it in error. No
> waiver of any applicable privileges or legal protections is intended (and
> nothing herein shall constitute such a waiver), and all rights are reserved.


       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe