Wireshark mailing list archives

Re: pcap filter for ingress egress selection


From: Sake Blok <sake () euronet nl>
Date: Sat, 2 Jul 2011 10:00:44 +0200

On 24 jun 2011, at 11:10, Oguz Yilmaz wrote:

Is there any pcap filter for selecting packets according to their
direction? My solution was using "ether dst" or "ether src". However,
this depends on knowing the MAC address of the interface. I want to ask
whether there is another way of selecting ingress and egress
packets separately.

The pcap format does not provide means to store the direction of a packet (or the interface on which it was captured). So when using pcap files, you will have to filter by MAC addresses and/or IP addresses. This does however mean you have to know the topology of the network.

In pcap-ng, I think there is the possibility to store interface and direction information. But AFAIK this has not been implemented in Wireshark yet (pcap-ng support is slowly increasing in Wireshark).

Hope this helps,
Cheers,


Sake
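
The MAC-address approach discussed in this thread, as an added example that is not part of the original posts: a classic pcap record carries no direction field, so this sketch parses the file and labels each Ethernet frame by comparing its source and destination MAC to the capture interface's MAC. The interface MAC, the label names and the sample capture are all constructed for illustration.

```python
import struct

# Classic pcap magic bytes -> struct byte order (microsecond and nanosecond variants).
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
         b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
LINKTYPE_ETHERNET = 1

def classify_directions(pcap, iface_mac):
    """Label each frame relative to iface_mac (assumed MAC of the capture interface)."""
    iface = bytes.fromhex(iface_mac.replace(":", ""))
    order = MAGIC.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("MAC-based direction needs an Ethernet link type")
    labels, off = [], 24                      # records follow the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 12:
            labels.append("truncated")        # snaplen cut the frame before both MACs
            continue
        dst, src = frame[:6], frame[6:12]
        if src == iface:
            labels.append("egress")           # what "ether src <mac>" selects
        elif dst == iface:
            labels.append("ingress")          # what "ether dst <mac>" selects
        elif dst[0] & 1:
            labels.append("group")            # broadcast/multicast, not matched by "ether dst <mac>"
        else:
            labels.append("other")            # unicast between other hosts (promiscuous capture)
    return labels

def build_sample(order="<"):
    """Constructed four-frame capture; all MAC addresses are made up."""
    me, peer = b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb"
    third = b"\x02\x00\x00\x00\x00\x01"
    frames = [peer + me, me + peer, b"\xff" * 6 + peer, third + peer]  # dst + src
    out = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, hdr in enumerate(frames):
        frame = hdr + b"\x08\x00" + b"\x00" * 46     # EtherType plus zero padding
        out += struct.pack(order + "IIII", i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(classify_directions(build_sample(), "00:11:22:33:44:55"))
```

The "group" label marks broadcast and multicast frames from other hosts, which arrive at the interface but are not selected by an `ether dst` filter on its unicast MAC.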