Wireshark mailing list archives
Re: -d option does not listen to the port I choose
From: Sake Blok <sake () euronet nl>
Date: Fri, 3 Sep 2010 07:34:15 +0200
On 3 sep 2010, at 06:26, James Hozier wrote:
tshark -i en1 -tad -lnx -d tcp.port==7001,irc -R'irc'When I start to see the packets on my screen, they arefrom port 6667,not from port 7001. Anything from port 7001 I do notsee, but it listensto port 6667 for some reason? Why does it do this?-d ... means decode any traffic on tcp port 7001 as irc; (it does *not* mean 'listen on this port) -R .. means filter on irc packets. If you want to just see port 7001 traffic you should use -R 'tcp.port==7001'Okay so then I have this: tshark -i en1 -tad -lnx -R 'tcp.port==7001' How do I specify IRC only? And not other packets?
Combine the two: tshark -i en1 -tad -lnx -d tcp.port==7001,irc -R "tcp.port==7001 && irc" This command will interpret traffic on poort 7001 as IRC (-d tcp.port==7001,irc) and then use a display filter to only show traffic that was on port 7001 (-R "tcp.port==7001...), but only those packets that are dissected as IRC (...&& irc"). Hope this helps, Cheers, Sake ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- -d option does not listen to the port I choose James Hozier (Sep 02)
- Re: -d option does not listen to the port I choose Bill Meier (Sep 02)
- Re: -d option does not listen to the port I choose James Hozier (Sep 02)
- Re: -d option does not listen to the port I choose Sake Blok (Sep 02)
- Re: -d option does not listen to the port I choose James Hozier (Sep 02)
- Re: -d option does not listen to the port I choose Bill Meier (Sep 02)