Wireshark mailing list archives
Re: UDP port range in Tshark
From: Guy Harris <guy () alum mit edu>
Date: Tue, 1 Dec 2009 13:26:18 -0800
On Dec 1, 2009, at 12:46 PM, Boaz Galil wrote:
We are using old version of winpcap. In any case we are sure that there is traffic between this range (as we are getting in - wireshark without any filter).
Download windump, if you haven't done so already, and then do
windump -d "host x.x.x.x and ((udp [2:2] >= 20 and udp [2:2] <= 80)
or (udp [0:2] >= 20 and udp [0:2] <= 80))"
(where "x.x.x.x" is the IP address you used).
Then do a Wireshark/TShark capture without a filter, save it to a
file, and then try
windump -r {the file name} "host x.x.x.x and ((udp [2:2] >= 20 and
udp [2:2] <= 80) or (udp [0:2] >= 20 and udp [0:2] <= 80))"
and see if it reports anything.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- UDP port range in Tshark Boaz Galil (Dec 01)
- Re: UDP port range in Tshark Guy Harris (Dec 01)
- Re: UDP port range in Tshark Boaz Galil (Dec 01)
- Re: UDP port range in Tshark Guy Harris (Dec 01)
- Re: UDP port range in Tshark Boaz Galil (Dec 01)
- Re: UDP port range in Tshark Guy Harris (Dec 01)