Wireshark mailing list archives
Re: tcpdump forum ?
From: "Aktuna, Ilker, Vodafone Turkey" <ilker.aktuna () vodafone com>
Date: Tue, 4 Sep 2012 05:19:43 +0000
Hi, How can I add a network address condition to the following filter ? “ip proto 4 and ip[20+9]=17 and (ip[20+20+0:2]=5060 or ip[20+20+2:2]=5060)” I want to add a source/dest network condition like “net 10.10.0.0/16” , or “net 192.168.202.96/27” Thanks, ilker From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Aktuna, Ilker, Vodafone Turkey Sent: Thursday, August 30, 2012 11:11 AM To: Community support list for Wireshark Subject: Re: [Wireshark-users] tcpdump forum ? Yes, the filter worked fine. Thanks. Well,it was working somehow. Maybe some version of libpcap was supporting it, is it impossible ? I didn’t use tshark. I know that its display filters support this but they are not effective when capturing to file :( Cheers, ilker From: wireshark-users-bounces () wireshark org<mailto:wireshark-users-bounces () wireshark org> [mailto:wireshark-users-bounces () wireshark org]<mailto:[mailto:wireshark-users-bounces () wireshark org]> On Behalf Of Sake Blok Sent: Thursday, August 30, 2012 8:26 AM To: Community support list for Wireshark Subject: Re: [Wireshark-users] tcpdump forum ? On 28 aug. 2012, at 15:07, "Aktuna, Ilker, Vodafone Turkey" <ilker.aktuna () vodafone com<mailto:ilker.aktuna () vodafone com>> wrote: Sorry if I was misleading. I didn’t state that I could write the patch for “ipip” . I meant that I could compile if the required code is supplied. I thought it was a easy for you to supply the required code. From your recent post I understand that I was wrong. So I’ll try to use what you suggested as a capture filter. (Thanks for the filter by the way) Did the filter work? But I wonder how “tcpdump” started not supporting this , as it was working fine on the previous server. Any ideas ? It sounds unlikely that it had ever worked. Are you sure you had ipip traffic back then? Or did you use tshark? Tshark is ipip aware in it's display filters (not in it's capture filters). Cheers, Sake Yasal Uyarı : Bu elektronik posta işbu linki kullanarak ulaşabileceğiniz Koşul ve Şartlar dokumanına tabidir http://www.vodafone.com.tr/VodafoneHakkinda/eposta-hukuki-sartlar.php Yasal Uyarı : Bu elektronik posta işbu linki kullanarak ulaşabileceğiniz Koşul ve Şartlar dokumanına tabidir http://www.vodafone.com.tr/VodafoneHakkinda/eposta-hukuki-sartlar.php
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: tcpdump forum ? Aktuna, Ilker, Vodafone Turkey (Sep 03)
- Re: tcpdump forum ? Sake Blok (Sep 03)
- Re: tcpdump forum ? Aktuna, Ilker, Vodafone Turkey (Sep 04)
- Re: tcpdump forum ? Sake Blok (Sep 03)