Wireshark mailing list archives

Re: Need filters

From: "David H. Lipman" <DLipman () Verizon Net>
Date: Tue, 22 Jun 2010 18:28:26 -0400

From: "Guy Harris" <guy () alum mit edu>


| On Jun 22, 2010, at 2:44 PM, David H. Lipman wrote:

I attached two PCAP files in a ZIP file with data that we do NOT need to
see in a resultant report.


| dump.pcap and dump1.pcap have a bunch of NBNS traffic; try the filter "not 
udp port
| 137".  That's not SMB - that's either TCP port 139 or TCP port 445, 
possibly with some
| UDP port 138 stuff, too, so "not udp port 137" should filter out the stuff 
in your two
| capture files without filtering out SMB traffic.



What do I need to provide the site owner to implement the rule(s) on his 
server ? 


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Re: Need filters David H. Lipman (Jun 22)
- Re: Need filters Guy Harris (Jun 22)
  - Re: Need filters David H. Lipman (Jun 22)
    - Re: Need filters Guy Harris (Jun 22)
    - Re: Need filters David H. Lipman (Jun 22)
    - Re: Need filters bart sikkes (Jun 22)
    - Re: Need filters David H. Lipman (Jun 23)
    - Re: Need filters M K (Jun 27)
    - Re: Need filters David H. Lipman (Jun 27)
    - Which is the stable version for wireshark ? Reddy Nagendra-GKTC37 (Jun 27)
    - Re: Which is the stable version for wireshark ? Jaap Keuter (Jun 27)
    - Re: Which is the stable version for wireshark ? Reddy Nagendra-GKTC37 (Jun 27)
    - Re: Need filters David H. Lipman (Jun 23)

(Thread continues...)