Wireshark mailing list archives
Re: UDP port range in Tshark
From: Guy Harris <guy () alum mit edu>
Date: Tue, 1 Dec 2009 13:26:18 -0800
On Dec 1, 2009, at 12:46 PM, Boaz Galil wrote:
We are using old version of winpcap. In any case we are sure that there is traffic between this range (as we are getting in - wireshark without any filter).
Download windump, if you haven't done so already, and then do windump -d "host x.x.x.x and ((udp [2:2] >= 20 and udp [2:2] <= 80) or (udp [0:2] >= 20 and udp [0:2] <= 80))" (where "x.x.x.x" is the IP address you used). Then do a Wireshark/TShark capture without a filter, save it to a file, and then try windump -r {the file name} "host x.x.x.x and ((udp [2:2] >= 20 and udp [2:2] <= 80) or (udp [0:2] >= 20 and udp [0:2] <= 80))" and see if it reports anything. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- UDP port range in Tshark Boaz Galil (Dec 01)
- Re: UDP port range in Tshark Guy Harris (Dec 01)
- Re: UDP port range in Tshark Boaz Galil (Dec 01)
- Re: UDP port range in Tshark Guy Harris (Dec 01)
- Re: UDP port range in Tshark Boaz Galil (Dec 01)
- Re: UDP port range in Tshark Guy Harris (Dec 01)