Wireshark mailing list archives
Re: src host capture filter not working
From: "Jeff Liegel" <jliegel () italkglobal com>
Date: Wed, 13 Jan 2010 09:05:45 -0600
That worked, thanks so much. -----Original Message----- From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Guy Harris Sent: Tuesday, January 12, 2010 10:32 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] src host capture filter not working Importance: High On Jan 12, 2010, at 2:35 PM, Jeff Liegel wrote:
Hi. I desperately need to see packets coming from OR going to ip
207.35.208.194 using capture filter
Works fine with display filter only but this is a really busy network
and I need to ultimately save the capture to a file thus need a capture filter. The Wireshark display filter code, for the filter "ip.dst == 207.35.208.194 or ip.src == 207.35.208.194", looks for IP addresses wherever they appear in the packet. The libpcap/WinPcap capture filter code, for the filter "host 207.35.208.194", generates BPF code that looks for IP addresses under the assumption that there are no VLAN headers. The packets not being seen have VLAN headers. The filter host 207.35.208.194 or (vlan and host 207.35.208.194) (you will need to quote that if you put it on the command line) sees all the packets in the file; it will check for IP addresses with no VLAN headers or with one level of VLAN header. ________________________________________________________________________ ___ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: src host capture filter not working Jeff Liegel (Jan 12)
- Re: src host capture filter not working Forthofer Russ (Jan 12)
- Re: src host capture filter not working Jeff Liegel (Jan 12)
- Re: src host capture filter not working Jeff Liegel (Jan 12)
- Re: src host capture filter not working Jeff Liegel (Jan 12)
- Re: src host capture filter not working Guy Harris (Jan 12)
- Re: src host capture filter not working Jeff Liegel (Jan 13)
- Re: src host capture filter not working Jeff Liegel (Jan 13)
- Re: src host capture filter not working Sake Blok (Jan 13)
- <Possible follow-ups>
- src host capture filter not working Jeff Liegel (Jan 13)
- Re: src host capture filter not working Forthofer Russ (Jan 12)