Convert Wireshark Filterstring to winpcap filter

[<peter.kindl () orf at>]

Hi!

I've two questions:

 

1.)

I'd urgently need help/advice of how the following filter string has to
be to be set as winpcap filter-string:

I can't find any working string for the protocols. "eth src
00:0e:0C:76:86:5e" is working.

 

Thanks for any reply and help

 

My filter in wireshark:

((eth.src ==
00:0e:0c:76:86:5e)&&!(frame.protocols=="eth:llc"))&&!(frame.protocols="e
th:ans")

 

 

2.)

Could someone tell me, how to reassemble Netbios Datagrams
protocol:DCERPC?

How does wireshark and co. know, the amount of frames, total size....

 

 

Once more thanks for any helpt and reply!!!!!!

P.S.: if someone nees winpcap in realbasic....i'm working on it since 2
years ;-)

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.