Wireshark mailing list archives

Wireshark Capture Filter Using Offset


From: "George E Burns" <geburns () ashland com>
Date: Mon, 19 Jul 2010 17:27:09 -0400

Hello,

I have a question regarding "capture" filters.  Specifically, I need to 
write a low level filter that will capture dynamic DNS update packets 
containing the opcode value of 0x05.  I know what the offset value is 
(0x2C and 0x2D) in the payload, but apparently I am missing something when 
trying to understand the correct "tcpdump" syntax to use as part of the 
capture filter in Wireshark. 

Capture Filter:         udp[2c] == 28 and udp[2d] == 00


Any input is greatly appreciated!


Thanks,
geburns
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
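Added example, not part of the original post: a Python sketch of how the frame offsets 0x2C/0x2D in the question relate to a UDP-relative capture filter, which stays correct when the IP header carries options. The function names, addresses and ports are constructed for illustration, and it assumes untagged Ethernet carrying IPv4.

```python
import struct

# Equivalent libpcap capture filter (hex literals need the 0x prefix):
CAPTURE_FILTER = "udp port 53 and udp[10] & 0x78 = 0x28"
DNS_OPCODE_UPDATE = 5

def build_frame(opcode, ip_options=b""):
    """Constructed Ethernet/IPv4/UDP/DNS frame (sample addresses and ports)."""
    flags = (opcode & 0x0F) << 11          # opcode is bits 11-14 of the flags word
    dns = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 1, 0)
    udp = struct.pack("!HHHH", 50000, 53, 8 + len(dns), 0) + dns
    ihl = 5 + len(ip_options) // 4         # options must be a multiple of 4 bytes
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(udp),
                     0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])) + ip_options
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    return eth + ip + udp

def udp_offset(frame):
    """Frame offset of the UDP header, or None if not untagged IPv4/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    if frame[14] >> 4 != 4 or frame[23] != 17:
        return None
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return None                        # later fragment: no UDP header here
    return 14 + (frame[14] & 0x0F) * 4     # Ethernet + variable-length IP header

def is_dns_update(frame):
    """Same test as udp[10] & 0x78 = 0x28: UDP header (8) + DNS ID (2) = byte 10."""
    off = udp_offset(frame)
    if off is None or len(frame) < off + 11:
        return False
    # Mask 0x78 isolates the opcode and ignores QR/AA/TC/RD, so replies match too.
    return (frame[off + 10] & 0x78) == (DNS_OPCODE_UPDATE << 3)

if __name__ == "__main__":
    plain = build_frame(DNS_OPCODE_UPDATE)
    with_opts = build_frame(DNS_OPCODE_UPDATE, ip_options=b"\x01" * 4)
    # 14 + 20 + 8 + 2 = 0x2C only when the IP header is exactly 20 bytes.
    print(hex(plain[0x2C]), is_dns_update(plain))
    print(hex(with_opts[0x2C]), is_dns_update(with_opts))
```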