Re: Need filters

[Jaap Keuter <jaap.keuter () xs4all nl>]

On 06/23/2010 11:00 PM, David H. Lipman wrote:
> From: "Guy Harris"<guy () alum mit edu>
>
>
> | On Jun 22, 2010, at 3:28 PM, David H. Lipman wrote:
>
> > > What do I need to provide the site owner to implement the rule(s) on his
> > > server ?
>
> | You need to tell them
>
> | Please filter out all traffic to or from UDP port 137 from the pcaps you generate,
> | however that happens to be done.
>
> | Because you haven't told us how the pcap file is generated, we cannot give you anything
> | more detailed than that.
>
> The server admin provided the following to me Today...
>
> "I record pcap with tshark, so what I need is a tshark capture filter."

Hi,

Well then, tell him to add:
        -f "not udp port 137"
to the tshark command line.

Thanks,
Jaap
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe