ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] libpcap support for capturing DCCP packets withspecific port

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Thu, 10 Sep 2009 14:52:03 -0400
A more robust filter that does not rely on fixed-length IP headers:

(dst 192.168.1.30) && (ip[9]==33) && (ip[((ip[0]&0x0f)<<2):2]==40001)

I did not test this exact filter but one very close to it for capturing
GRE packets where ip[9]==47 and a different 2-byte field match within
the GRE header.

- Chris

> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-
> bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> Sent: Thursday, September 10, 2009 2:32 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] libpcap support for capturing DCCP
packets
> withspecific port?
> 
> 
> On Sep 10, 2009, at 12:50 AM, Ktawut T.Pijarn wrote:
> 
> > Dear all the experts on pcap/wireshark
> 
> The official place to reach the experts on pcap is tcpdump-
> workers@xxxxxxxxxxx
>   (tcpdump and libpcap both come from the same group).
> 
> However, there are core libpcap developers who are also core Wireshark
> developers, so some of us will see them either way.
> 
> > So, is there a special syntax for pcap to specify the DCCP port, if
> > that is
> > available at all?
> 
> Unfortunately, there currently isn't any DCCP capture filter support
> in libpcap.
> 
> I'll look at adding it at some point, but it probably won't be in any
> release soon.  (Neither libpcap nor tcpdump nor Wireshark are my day
> job, and there's a bunch of other stuff going on as well.)
> 
> Chris Maynard's workaround is worth trying.
>
_______________________________________________________________________
> ____
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-
> request@xxxxxxxxxxxxx?subject=unsubscribe
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and 
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube