Wireshark · Ethereal-dev: Re: [Ethereal-dev] Capture Filter

Ethereal-dev: Re: [Ethereal-dev] Capture Filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Nathan Jennings <njen@xxxxxxxxxxxx>

Date: Fri, 19 Aug 2005 21:08:36 -0400

Michael Back wrote:

Could you explain how I would set up a capture filter to monitorDestination / Source, Source / Destination for ports 445 and 139?


tethereal -n -s 1514 -i <dev_name> 'tcp and (port 445 or 139)'

Depending on whether or not you care about what's in the payload onceit's captured, you could leave out the "-s 1514" (snap length).

If you need it, use the "-w <file_name>" option to write the capture toa file.


Also see:
(there are more precise worm examples here)
http://wiki.ethereal.com/CaptureFilters
http://wiki.ethereal.com/Performance

Follow-Ups:
- Re: [Ethereal-dev] Capture Filter
  - From: Guy Harris

References:
- [Ethereal-dev] Capture Filter
  - From: Michael Back

Prev by Date: [Ethereal-dev] Capture Filter
Next by Date: [Ethereal-dev] Getting rid of ui_util.h mess?
Previous by thread: [Ethereal-dev] Capture Filter
Next by thread: Re: [Ethereal-dev] Capture Filter
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$