Wireshark mailing list archives
Re: -d option does not listen to the port I choose
From: Bill Meier <wmeier () newsguy com>
Date: Thu, 02 Sep 2010 23:29:31 -0400
James Hozier wrote:
tshark -i en1 -tad -lnx -d tcp.port==7001,irc -R 'irc'
When I start to see the packets on my screen, they are from port 6667,
not from port 7001. Anything from port 7001 I do not see, but it listens
to port 6667 for some reason? Why does it do this?
-d ... means decode any traffic on tcp port 7001 as irc;
(it does *not* mean 'listen on this port)
-R .. means filter on irc packets.
So: I think the above means filter on irc:
- on port 6667 which is the normal tcp port for irc
(from looking at the irc dissector code);
- and on on port 7001;
If you want to just see port 7001 traffic you should use
-R 'tcp.port==7001'
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- -d option does not listen to the port I choose James Hozier (Sep 02)
- Re: -d option does not listen to the port I choose Bill Meier (Sep 02)
- Re: -d option does not listen to the port I choose James Hozier (Sep 02)
- Re: -d option does not listen to the port I choose Sake Blok (Sep 02)
- Re: -d option does not listen to the port I choose James Hozier (Sep 02)
- Re: -d option does not listen to the port I choose Bill Meier (Sep 02)