Wireshark · Wireshark-users: Re: [Wireshark-users] Need filters

Wireshark-users: Re: [Wireshark-users] Need filters

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 22 Jun 2010 15:09:40 -0700

On Jun 22, 2010, at 2:44 PM, David H. Lipman wrote:

> I attached two PCAP files in a ZIP file with data that we do NOT need to 
> see in a resultant report.

dump.pcap and dump1.pcap have a bunch of NBNS traffic; try the filter "not udp port 137".  That's not SMB - that's either TCP port 139 or TCP port 445, possibly with some UDP port 138 stuff, too, so "not udp port 137" should filter out the stuff in your two capture files without filtering out SMB traffic.

Follow-Ups:
- Re: [Wireshark-users] Need filters
  - From: David H. Lipman

References:
- [Wireshark-users] Need filters
  - From: David H. Lipman
- Re: [Wireshark-users] Need filters
  - From: Jaap Keuter
- Re: [Wireshark-users] Need filters
  - From: David H. Lipman
- Re: [Wireshark-users] Need filters
  - From: Jaap Keuter
- Re: [Wireshark-users] Need filters
  - From: David H. Lipman

Prev by Date: Re: [Wireshark-users] Need filters
Next by Date: Re: [Wireshark-users] Need filters
Previous by thread: Re: [Wireshark-users] Need filters
Next by thread: Re: [Wireshark-users] Need filters
Index(es):
- Date
- Thread