Wireshark · Wireshark-users: [Wireshark-users] SYN Capture Filter issue

Wireshark-users: [Wireshark-users] SYN Capture Filter issue

From: "Bland Chuck-CNGR85" <Chuck.Bland@xxxxxxxxxxxx>

Date: Tue, 17 Feb 2009 12:35:00 -0500

Title: SYN Capture Filter issue

WS Version 1.0.5 (SVN Rev 26954)

Capture Filter: "tcp[13] & 0x02 = 2" (no quotes)

Attached: small capture file
<<SYN Filter Test.pcap>>
I get mostly SYN packets, but I also get more than a few DCERPC and TELNET packets that do not have the SYN flag set.

When I examine each datagram, the TCP Flag field is always in the same place. In the case of the DCERPC and TELNET packets, the flag value is 0x18, so it should fail the filter test.

Is there an explanation or is this a bug in the filter?

Chuck Bland

Attachment: SYN Filter Test.pcap
Description: SYN Filter Test.pcap

Follow-Ups:
- Re: [Wireshark-users] SYN Capture Filter issue
  - From: Bill Meier
- Re: [Wireshark-users] SYN Capture Filter issue
  - From: j . snelders
- Re: [Wireshark-users] SYN Capture Filter issue
  - From: Guy Harris

Prev by Date: [Wireshark-users] Scan to email Issue
Next by Date: Re: [Wireshark-users] SYN Capture Filter issue
Previous by thread: [Wireshark-users] Scan to email Issue
Next by thread: Re: [Wireshark-users] SYN Capture Filter issue
Index(es):
- Date
- Thread