Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: [Wireshark-users] Capture Specific Ports

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Les Bowditch" <les.bowditch@xxxxxxxxxxxxxxxxx>
Date: Fri, 15 Jun 2007 07:26:40 -0600

Good morning,

 

I am using the following syntax in an attempt to do the following:

 

Syntax:

 

/usr/local/bin/tshark -w /home/active_cap/ -d tcp.port==5060,sip -d tcp.port==68

01,http -d tcp.port==6802,http -d tcp.port==6800,http -b duration:900 -b filesize

:50000 -i vr0

 

Goals:

1)       Write only packets destined to/from port 5060, 6800, 6801 and 6802 (Preferably without decoding the packet)

2)       The file should roll-over after 900 seconds or 50mbytes

 

 

Currently, the above syntax is capturing _everything_, not just the specified ports.  Is the syntax incorrect, or is tshark not capable of doing what I want?

 

Thanks,

 

Les

  • Follow-Ups:
    • Re: [Wireshark-users] Capture Specific Ports
      • From: Guy Harris
  • Prev by Date: Re: [Wireshark-users] Saving the statistics to a file
  • Next by Date: [Wireshark-users] Capturing local traffic on Windows XP
  • Previous by thread: [Wireshark-users] ppoe password
  • Next by thread: Re: [Wireshark-users] Capture Specific Ports
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation