Wireshark-users: [Wireshark-users] T-Shark capture filter question


From: Steve Evans <sc_evans@xxxxxxxxx>
Date: Wed, 31 Aug 2011 15:29:24 -0700 (PDT)

I'm trying to use T-shark to capture my Cisco wireless access point traffic in sniffer mode. In accordance I need to accept packets from UDP port 5555 and decode them as udp.port==5000,airopeek. It's easy enough to do in the GUI, but T-shark complains about my capture filter.

My filter:
tshark -i 1 -f "udp.srcport == 5555" -b filesize:20480 -b files:2 -d udp.port==5000,airopeek -w wfn-sniffed.cap

In summary, I need to take packets from udp port 555 and decode them as udp 5000 airopeek, all using t-shark.


/Steve
