Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] UDP port range in Tshark

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 1 Dec 2009 12:34:45 -0800


On Dec 1, 2009, at 9:26 AM, Boaz Galil wrote:
The problem is when I want to use the same command for UDP e.g : “" -f "host x.x.x.x and ((udp [2:2] >= 20 and udp [2:2] <= 80) or (udp [0:2] >= 20 and udp [0:2] <= 80))" I am not getting any error but I am also not getting any results inside the packet capture file.
Are you getting any traffic to or from UDP ports 20 through 80 on your network?
(BTW, newer versions of libpcap support "host x.x.x.x and {tcp,udp} portrange 20-80".)
  • Follow-Ups:
    • Re: [Wireshark-users] UDP port range in Tshark
      • From: Boaz Galil
  • References:
    • [Wireshark-users] UDP port range in Tshark
      • From: Boaz Galil
  • Prev by Date: Re: [Wireshark-users] Slow database access
  • Next by Date: Re: [Wireshark-users] UDP port range in Tshark
  • Previous by thread: [Wireshark-users] UDP port range in Tshark
  • Next by thread: Re: [Wireshark-users] UDP port range in Tshark
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation