Hi,
yes, that's what I did in the past but if I use this filter string I can only get the packet that lookup on my ethernet interface .... while I need to see all the packets that are not send to / comes from my eth interface subnet .
I did a port mirroring on a Layer3 switch so on the mirroring port I can see all the packets of some subnet and they will necessary not match my eth interface subnet .....
Thanks !
Marco
Da: wireshark-users-bounces@xxxxxxxxxxxxx
A: "Community support list for Wireshark" wireshark-users@xxxxxxxxxxxxx
Cc:
Data: Thu, 29 Apr 2010 14:09:46 +0200
Oggetto: Re: [Wireshark-users] pcap / winpcap filters
> Hi,
>
> Would that be a capture filter like: 'port 53 or port 5060'
>
> Thanks,
> Jaap
>
> On Thu, 29 Apr 2010 11:39:17 +0200, "marco\@marcomp\.it"
> wrote:
> > I need to filter some traffic (before capturing it) using the pcap /
> > winpcap filter but this traffic comes from some different subnet (
> > different from my eth interface subnet ).
> > So if I apply a filter the pcap show me the packet that can lookup on my
> > eth interface only ...
> > How can I get the filtered traffic that comes from "everywhere"
> > (0.0.0.0/0) ?
> >
> > I need to filter the data traffic before sending it to whireshark
> because
> > I only need to check the DNS and SIP traffic for a long time ( may be
> for
> > more than 1 week )... so I don't want to store Gbyte and Gbyte of not
> > helpful data on my pc.....
> >
> > Have you any suggestion ?
> >
> >
> > Marco
> >
> subscribe
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
