Wireshark · Wireshark-users: Re: [Wireshark-users] UDP port range in Tshark

Wireshark-users: Re: [Wireshark-users] UDP port range in Tshark

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 1 Dec 2009 13:26:18 -0800


On Dec 1, 2009, at 12:46 PM, Boaz Galil wrote:

We are using old version of winpcap. In any case we are sure thatthere is traffic between this range (as we are getting in -wireshark without any filter).


Download windump, if you haven't done so already, and then do

windump -d "host x.x.x.x and ((udp [2:2] >= 20 and udp [2:2] <= 80)or (udp [0:2] >= 20 and udp [0:2] <= 80))"


(where "x.x.x.x" is the IP address you used).

Then do a Wireshark/TShark capture without a filter, save it to afile, and then try

windump -r {the file name} "host x.x.x.x and ((udp [2:2] >= 20 andudp [2:2] <= 80) or (udp [0:2] >= 20 and udp [0:2] <= 80))"


and see if it reports anything.

References:
- [Wireshark-users] UDP port range in Tshark
  - From: Boaz Galil
- Re: [Wireshark-users] UDP port range in Tshark
  - From: Guy Harris
- Re: [Wireshark-users] UDP port range in Tshark
  - From: Boaz Galil

Prev by Date: Re: [Wireshark-users] BACnet MS/TP
Next by Date: Re: [Wireshark-users] Slow database access **RESOLVED**
Previous by thread: Re: [Wireshark-users] UDP port range in Tshark
Next by thread: [Wireshark-users] question about exporting/filtering files
Index(es):
- Date
- Thread