Wireshark mailing list archives
Re: -d option does not listen to the port I choose
From: James Hozier <guitarscn1 () yahoo com>
Date: Thu, 2 Sep 2010 21:26:32 -0700 (PDT)
From: Bill Meier <wmeier () newsguy com> Subject: Re: [Wireshark-users] -d option does not listen to the port I choose To: "Community support list for Wireshark" <wireshark-users () wireshark org> Date: Friday, September 3, 2010, 3:29 AM James Hozier wrote:tshark -i en1 -tad -lnx -d tcp.port==7001,irc -R'irc'When I start to see the packets on my screen, they arefrom port 6667,not from port 7001. Anything from port 7001 I do notsee, but it listensto port 6667 for some reason? Why does it do this?-d ... means decode any traffic on tcp port 7001 as irc; (it does *not* mean 'listen on this port) -R .. means filter on irc packets. So: I think the above means filter on irc: - on port 6667 which is the normal tcp port for irc (from looking at the irc dissector code); - and on on port 7001; If you want to just see port 7001 traffic you should use -R 'tcp.port==7001'
Okay so then I have this:
tshark -i en1 -tad -lnx -R 'tcp.port==7001'
How do I specify IRC only? And not other packets?
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- -d option does not listen to the port I choose James Hozier (Sep 02)
- Re: -d option does not listen to the port I choose Bill Meier (Sep 02)
- Re: -d option does not listen to the port I choose James Hozier (Sep 02)
- Re: -d option does not listen to the port I choose Sake Blok (Sep 02)
- Re: -d option does not listen to the port I choose James Hozier (Sep 02)
- Re: -d option does not listen to the port I choose Bill Meier (Sep 02)