Wireshark-users: Re: [Wireshark-users] UDP port range in Tshark



From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 1 Dec 2009 13:26:18 -0800


On Dec 1, 2009, at 12:46 PM, Boaz Galil wrote:

> We are using an old version of WinPcap. In any case, we are sure that there is traffic in this range (as we are getting it in Wireshark without any filter).

Download windump, if you haven't done so already, and then do

windump -d "host x.x.x.x and ((udp [2:2] >= 20 and udp [2:2] <= 80) or (udp [0:2] >= 20 and udp [0:2] <= 80))"

(where "x.x.x.x" is the IP address you used).

Then do a Wireshark/TShark capture without a filter, save it to a file, and then try

windump -r {the file name} "host x.x.x.x and ((udp [2:2] >= 20 and udp [2:2] <= 80) or (udp [0:2] >= 20 and udp [0:2] <= 80))"

and see if it reports anything.
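
An added illustration, not part of the original message: a Python sketch of what the filter expression above tests on each frame, useful for checking a packet by hand when windump reports nothing. It assumes Ethernet framing and IPv4; the helper names, addresses and frames are constructed for the example.

```python
import socket
import struct

ETH_IPV4 = 0x0800
IPPROTO_UDP = 17

def udp_frame(src, dst, sport, dport, frag_off=0, ip_opts=b""):
    """Build a constructed Ethernet/IPv4/UDP frame (checksums left zero).

    ip_opts must be a multiple of 4 bytes; frag_off is the raw flags/offset field.
    """
    payload = b"test"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ihl = 5 + len(ip_opts) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(udp),
                     0, frag_off, 64, IPPROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + ip_opts
    eth = b"\x00" * 12 + struct.pack("!H", ETH_IPV4)
    return eth + ip + udp

def matches(frame, host, lo=20, hi=80):
    """Mirror: host H and ((udp[2:2] in lo..hi) or (udp[0:2] in lo..hi))."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4:
        return False
    ip = frame[14:]
    if ip[9] != IPPROTO_UDP:
        return False
    # "host" matches either the source or the destination address
    if socket.inet_aton(host) not in (ip[12:16], ip[16:20]):
        return False
    # udp[...] is only evaluated when the IP fragment offset is zero,
    # so later fragments never match even if the datagram's ports are in range
    if struct.unpack_from("!H", ip, 6)[0] & 0x1FFF:
        return False
    ihl = (ip[0] & 0x0F) * 4  # UDP header follows a variable-length IP header
    if len(ip) < ihl + 4:
        return False
    # udp[0:2] is the source port, udp[2:2] the destination port (big-endian)
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    return lo <= dport <= hi or lo <= sport <= hi

if __name__ == "__main__":
    host = "192.0.2.10"  # constructed documentation address
    for sport, dport in [(5000, 53), (69, 40000), (5000, 5001)]:
        frame = udp_frame(host, "192.0.2.20", sport, dport)
        print(sport, dport, matches(frame, host))
```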
