Wireshark · Ethereal-users: Re: [Ethereal-users] Feature for NAT Capture Filter

Ethereal-users: Re: [Ethereal-users] Feature for NAT Capture Filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sat, 30 Apr 2005 15:14:17 -0700

Al Stu wrote:

I would like to use Ethereal to capture packets of traffic not matchinga request from the NAT.So if Ethereal was to see a packet from 1.2.3.4 port 3597 but Etherealhad not seen a request from the NAT matching this (within last nseconds), then it would capture that packet.

The capture filter mechanism in many OSes (as used by libpcap) and inlibpcap is stateless and has no notion of timeouts, so a filter of thetype you describe can't be implemented as a regular capture filter.

It might be possible to implement it in Ethereal, so that it'd captureall packets and discard the uninteresting ones in user space.

What do you mean by "request from the NAT"? If you're sniffing on theWAN side of the NAT, do you mean "packet from a host behind the NAT"?

Follow-Ups:
- Re: [Ethereal-users] Feature for NAT Capture Filter
  - From: Al Stu

References:
- [Ethereal-users] Feature for NAT Capture Filter
  - From: Al Stu
- Re: [Ethereal-users] Feature for NAT Capture Filter
  - From: Ulf Lamping
- Re: [Ethereal-users] Feature for NAT Capture Filter
  - From: Al Stu

Prev by Date: [Ethereal-users] Support
Next by Date: Re: [Ethereal-users] Personal Configuration File location
Previous by thread: Re: [Ethereal-users] Feature for NAT Capture Filter
Next by thread: Re: [Ethereal-users] Feature for NAT Capture Filter
Index(es):
- Date
- Thread