Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] Capture filter for ARP, DNS and PING

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 06 Jan 2008 14:28:23 -0800

nilay yildirim wrote:


How can I set up a capture filter just to capture ARP, DNS and PING?
"DNS" generally means "traffic to or from the Domain Name System port", and "PING" generally means "ICMP Echo and Echo Reply packets", so:
arp or port domain or icmp[icmptype] = icmp-echo or icmp[icmptype] = icmp-echoreply
  • Follow-Ups:
    • Re: [Wireshark-users] Capture filter for ARP, DNS and PING
      • From: nilay yildirim
  • References:
    • [Wireshark-users] Capture filter for ARP, DNS and PING
      • From: nilay yildirim
  • Prev by Date: Re: [Wireshark-users] HTTPS sniffing ?
  • Next by Date: [Wireshark-users] [FIXED] Can't find USB device
  • Previous by thread: Re: [Wireshark-users] Capture filter for ARP, DNS and PING
  • Next by thread: Re: [Wireshark-users] Capture filter for ARP, DNS and PING
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation