Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: tcpdump forum ?

From: "Aktuna, Ilker, Vodafone Turkey" <ilker.aktuna () vodafone com>
Date: Tue, 4 Sep 2012 05:19:43 +0000
Hi,

How can I add a network address condition to the following filter ?

“ip proto 4 and ip[20+9]=17 and (ip[20+20+0:2]=5060 or ip[20+20+2:2]=5060)”

I want to add a source/dest network condition like “net 10.10.0.0/16” , or “net 192.168.202.96/27”

Thanks,
ilker

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Aktuna, 
Ilker, Vodafone Turkey
Sent: Thursday, August 30, 2012 11:11 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] tcpdump forum ?

Yes, the filter worked fine. Thanks.

Well,it was working somehow. Maybe some version of libpcap was supporting it, is it impossible ?
I didn’t use tshark. I know that its display filters support this but they are not effective when capturing to file :(

Cheers,
ilker


From: wireshark-users-bounces () wireshark org<mailto:wireshark-users-bounces () wireshark org> 
[mailto:wireshark-users-bounces () wireshark org]<mailto:[mailto:wireshark-users-bounces () wireshark org]> On Behalf 
Of Sake Blok
Sent: Thursday, August 30, 2012 8:26 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] tcpdump forum ?

On 28 aug. 2012, at 15:07, "Aktuna, Ilker, Vodafone Turkey" <ilker.aktuna () vodafone com<mailto:ilker.aktuna () 
vodafone com>> wrote:

Sorry if I was misleading. I didn’t state that I could write the patch for “ipip” . I meant that I could compile if the 
required code is supplied. I thought it was a easy for you to supply the required code. From your recent post I 
understand that I was wrong. So I’ll try to use what you suggested as a capture filter. (Thanks for the filter by the 
way)

Did the filter work?

 But I wonder how “tcpdump” started not supporting this , as it was working fine on the previous server.

Any ideas ?

It sounds unlikely that it had ever worked. Are you sure you had ipip traffic back then? Or did you use tshark? Tshark 
is ipip aware in it's display filters (not in it's capture filters).

Cheers,
Sake

Yasal Uyarı :
Bu elektronik posta işbu linki kullanarak ulaşabileceğiniz Koşul ve Şartlar dokumanına tabidir
http://www.vodafone.com.tr/VodafoneHakkinda/eposta-hukuki-sartlar.php


Yasal Uyarı :
Bu elektronik posta işbu linki kullanarak ulaşabileceğiniz Koşul ve Şartlar dokumanına tabidir
http://www.vodafone.com.tr/VodafoneHakkinda/eposta-hukuki-sartlar.php



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: