Wireshark mailing list archives
Re: Need filters
From: Guy Harris <guy () alum mit edu>
Date: Wed, 23 Jun 2010 16:30:01 -0700
On Jun 23, 2010, at 3:59 PM, David H. Lipman wrote:
"not udp port 137" and any other additions. If there are many, command line options are untenable. Loading and parsing an ASCII file would be the way to go.
One limit on the number of command-line filtering when capturing is that there are limits on the power of the filter expressions. However, you might end up putting in a lot of filters to filter out particular hosts, for example. If the command line is *itself* read from an ASCII file, then, obviously, command-line options do involve loading an ASCII file. If somebody is typing that command at a command line, then: 1) at least on UN*X command lines, you can say tshark -f `cat {filter}` where {filter} is the name of a file containing the filter, although that is limited by the number of bytes of command-line argument that the UN*X in question supports; 2) if you use tcpdump or WinDump rather than TShark or dumpcap to capture the traffic, it has a -F flag that takes, as an argument, the name of a file containing the filter expression (tcpdump/WinDump, TShark, and dumpcap all use libpcap/WinPcap to do traffic capture, so they all have the same capture filter syntax). ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Need filters, (continued)
- Re: Need filters M K (Jun 27)
- Re: Need filters David H. Lipman (Jun 27)
- Which is the stable version for wireshark ? Reddy Nagendra-GKTC37 (Jun 27)
- Re: Which is the stable version for wireshark ? Jaap Keuter (Jun 27)
- Re: Which is the stable version for wireshark ? Reddy Nagendra-GKTC37 (Jun 27)
- Re: Need filters David H. Lipman (Jun 23)
- Re: Need filters Jaap Keuter (Jun 23)
- Re: Need filters David H. Lipman (Jun 23)
- Re: Need filters Guy Harris (Jun 23)
- Re: Need filters David H. Lipman (Jun 23)
- Re: Need filters Guy Harris (Jun 23)
- Re: Need filters János Löbb (Jun 24)
- Re: Need filters Guy Harris (Jun 24)
- Re: Need filters David H. Lipman (Jun 24)