On Tue, May 04, 2004 at 05:29:00PM +1000, lineone wrote:
> Can someone please point me in the right direction for capturing wbxml
> over http. I have the following in the capture filter "ip proto wbxml"
> and I get the "invalid capture filter".
It *is* an invalid capture filter. For one thing, "ip proto" refers to
protocols running directly atop IP - TCP and UDP do, but WBXML doesn't.
Furthermore...
> I looked in the tcpdump manpage and there is no reference to wbxml,
> yet ethereal says it is a supported protocol so how do I set it?
...a "supported protocol" in Ethereal is a protocol Ethereal can
dissect.
Not all of those protocols can have capture filters for them; the
capabilities of the software that handles capture filters is limited (in
many OSes, that software is in the kernel - the capabilities were
*deliberately* limited so that programs can't make the kernel loop
infinitely or crash by being handed a bad filter program).
In particular, the BPF pseudo-machine-language that implements capture
filters is not powerful enough to parse WAP packets to see whether the
packet data is WBXML.
At best, you could try looking for traffic on particular TCP or UDP port
numbers.
