Wireshark · Wireshark-users: Re: [Wireshark-users] Value too large for defined data type

Wireshark-users: Re: [Wireshark-users] Value too large for defined data type

From: Andrej van der Zee <andrejvanderzee@xxxxxxxxx>

Date: Wed, 5 Aug 2009 21:21:58 +0900

Hi,

cat big.cap | dumpcap -i- -w smaller.cap -b filesize:65536

I was wondering why the capture filter is not working as I expect. I want to dump only the packets that have a specific ip for src. I do it like this:

cat big.cap | dumpcap -i- -w smaller.cap -b filesize:65536 -f "src host 1.2.3.4"

But somehow all the packets are dumped anyway. Am I misunderstanding something?

Thank you,
Andrej

Follow-Ups:
- Re: [Wireshark-users] Value too large for defined data type
  - From: Andrej van der Zee

References:
- [Wireshark-users] Value too large for defined data type
  - From: Andrej van der Zee
- Re: [Wireshark-users] Value too large for defined data type
  - From: Sake Blok
- Re: [Wireshark-users] Value too large for defined data type
  - From: Andrej van der Zee

Prev by Date: Re: [Wireshark-users] find local IP from cap-file
Next by Date: Re: [Wireshark-users] Value too large for defined data type
Previous by thread: Re: [Wireshark-users] Value too large for defined data type
Next by thread: Re: [Wireshark-users] Value too large for defined data type
Index(es):
- Date
- Thread