Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pcap filter for ingress egress selection

From: Oguz Yilmaz <oguzyilmazlist () gmail com>
Date: Mon, 4 Jul 2011 14:37:56 +0300
I will follow developments o pcap-ng.

Thanks.

--
Oguz YILMAZ



On Sat, Jul 2, 2011 at 11:00 AM, Sake Blok <sake () euronet nl> wrote:

On 24 jun 2011, at 11:10, Oguz Yilmaz wrote:


Are there any pcap filter for selecting packets according to their
direction. My solution was using "ether dst" or "ether src". hoıwever
this depends on knowing MAC address of the interface. I want to ask
whteter there is another way of selection of ingress and egresss
packets seperately.


The pcap format does not provide means to store the direction of a packet (or the interface on which it was 
captured). So when using pcap files, you will have to filter by mac-addresses and/or IP addresses. This does however 
mean you have to know the topology of the network.

In pcap-ng, I think there is the possibility to store interface and direction information. But AFAIK this has not 
been implemented in Wireshark yet (pcap-ng support is slowly increasing in Wireshark).

Hope this helps,
Cheers,


Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: