Wireshark · Ethereal-dev: [Ethereal-dev] tethereal -d tcp.port==1234,http -c 5

Ethereal-dev: [Ethereal-dev] tethereal -d tcp.port==1234,http -c 5

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Durai" <mail_714@xxxxxxxxxxx>

Date: Thu, 3 Jun 2004 10:02:22 +0530

Hello All,

                I read in tethereal man page that,

-d tcp.port==8888,http will decode any traffic running over TCP port 8888 as
HTTP.

I did the above command over TCP port 1234 ( no process running or
listening ). But it capture the packets.

$ netstat -na | grep -E 1234
$ tethereal -d tcp.port==1234,http -c 5
Capturing on lan0
  0.000000 172.16.1.158 -> 172.16.1.26  TELNET Telnet Data ...
  0.002176 172.16.1.158 -> 172.16.1.26  TELNET Telnet Data ...
  0.002352 172.16.1.158 -> 172.16.1.26  TELNET Telnet Data ...
  0.002484 172.16.1.158 -> 172.16.1.26  TELNET Telnet Data ...
  0.002606  172.16.1.26 -> 172.16.1.158 TCP 1371 > telnet [ACK] Seq=0 Ack=9
Win=17241 Len=0 5 packets captured

Is there anything I did the wrong in the above command?


Regards,
Durai.


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.692 / Virus Database: 453 - Release Date: 5/28/2004

Follow-Ups:
- Re: [Ethereal-dev] tethereal -d tcp.port==1234,http -c 5
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] PATCH: Better decoding of AIM Message block
Next by Date: Re: [Ethereal-dev] [PATCH] Disallow negative slice lengths
Previous by thread: [Ethereal-dev] Ethereal IP logging support
Next by thread: Re: [Ethereal-dev] tethereal -d tcp.port==1234,http -c 5
Index(es):
- Date
- Thread