Hi,
Would that be a capture filter like: 'port 53 or port 5060'
Thanks,
Jaap
On Thu, 29 Apr 2010 11:39:17 +0200, "marco\@marcomp\.it"
<marco@xxxxxxxxxx> wrote:
> I need to filter some traffic (before capturing it) using the pcap /
> winpcap filter but this traffic comes from some different subnet (
> different from my eth interface subnet ).
> So if I apply a filter the pcap show me the packet that can lookup on my
> eth interface only ...
> How can I get the filtered traffic that comes from "everywhere"
> (0.0.0.0/0) ?
>
> I need to filter the data traffic before sending it to whireshark
because
> I only need to check the DNS and SIP traffic for a long time ( may be
for
> more than 1 week )... so I don't want to store Gbyte and Gbyte of not
> helpful data on my pc.....
>
> Have you any suggestion ?
>
>
> Marco
>
subscribe
