Wireshark · Ethereal-users: Re: [Ethereal-users] capture filter and greater than operand

Ethereal-users: Re: [Ethereal-users] capture filter and greater than operand

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>

Date: Wed, 13 Jul 2005 19:49:18 +0200


John Que <qwejohn@xxxxxxxxx>, Ethereal user support <ethereal-users@xxxxxxxxxxxx> schrieb am 13.07.05 17:49:54:
> 
> Hello, 
> Is there a way to define in a capture filter so that it will  catch
> packets in a range of
> ports (like port is greater than 1000 an less than 1010)? 
> 
>  (I know to do it in a Display Filter, but trying port > 1000 or port
> gt 1000 fails
> with a syntax error in capture filter).
> 

You may try:

(tcp[0:2] > 1000 and tcp[0:2] < 1010) or (tcp[2:2] > 1000 and tcp[2:2] < 1010)

Explanation:

tcp[0:2] is the source port field in TCP (offset 0, length 2)
tcp[2:2] is the destination port field in TCP

I didn't tried it myself, so please report success or failure. If successful, I can add this filter string to the wiki.

Regards, ULFL

______________________________________________________________
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193

Follow-Ups:
- Re: [Ethereal-users] capture filter and greater than operand
  - From: John Que

Prev by Date: Re: [Ethereal-users] Question
Next by Date: Re: [Ethereal-users] I am trying to make ethereal capture traffic....
Previous by thread: [Ethereal-users] capture filter and greater than operand
Next by thread: Re: [Ethereal-users] capture filter and greater than operand
Index(es):
- Date
- Thread