Wireshark mailing list archives

Re: Need filters

From: Guy Harris <guy () alum mit edu>
Date: Tue, 22 Jun 2010 15:09:40 -0700


On Jun 22, 2010, at 2:44 PM, David H. Lipman wrote:

I attached two PCAP files in a ZIP file with data that we do NOT need to 
see in a resultant report.


dump.pcap and dump1.pcap have a bunch of NBNS traffic; try the filter "not udp port 137".  That's not SMB - that's 
either TCP port 139 or TCP port 445, possibly with some UDP port 138 stuff, too, so "not udp port 137" should filter 
out the stuff in your two capture files without filtering out SMB traffic.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Re: Need filters David H. Lipman (Jun 22)
- Re: Need filters Guy Harris (Jun 22)
  - Re: Need filters David H. Lipman (Jun 22)
    - Re: Need filters Guy Harris (Jun 22)
    - Re: Need filters David H. Lipman (Jun 22)
    - Re: Need filters bart sikkes (Jun 22)
    - Re: Need filters David H. Lipman (Jun 23)
    - Re: Need filters M K (Jun 27)
    - Re: Need filters David H. Lipman (Jun 27)
    - Which is the stable version for wireshark ? Reddy Nagendra-GKTC37 (Jun 27)
    - Re: Which is the stable version for wireshark ? Jaap Keuter (Jun 27)
    - Re: Which is the stable version for wireshark ? Reddy Nagendra-GKTC37 (Jun 27)

(Thread continues...)