Wireshark-dev: Re: [Wireshark-dev] libpcap support for capturing DCCP packets with specific port
From: Ktawut Tappayuthpijarn <ktawut@xxxxxxxxx>
Date: Fri, 11 Sep 2009 11:14:46 +0200
Dear Chris, all,

Thanks so much for your advice. I tried the filter rule that Chris suggested 
also and IT WORKS !! .... It's been a week for me trying to come up with 
solutions and a way to work around this problem. Now it works beautifully. I 
can selectively capture whatever my desired destination or source DCCP ports 
are now.

best regards,
K. T.Pijarn 


On Thursday 10 September 2009 20:52, Maynard, Chris wrote:
> A more robust filter that does not rely on fixed-length IP headers:
>
> (dst 192.168.1.30) && (ip[9]==33) && (ip[((ip[0]&0x0f)<<2):2]==40001)
>
> I did not test this exact filter but one very close to it for capturing
> GRE packets where ip[9]==47 and a different 2-byte field match within
> the GRE header.
>
> - Chris
>
> > -----Original Message-----
> > From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> > Sent: Thursday, September 10, 2009 2:32 PM
> > To: Developer support list for Wireshark
> > Subject: Re: [Wireshark-dev] libpcap support for capturing DCCP packets with specific port?
> >
> > On Sep 10, 2009, at 12:50 AM, Ktawut T.Pijarn wrote:
> > > Dear all the experts on pcap/wireshark
> >
> > The official place to reach the experts on pcap is
> > tcpdump-workers@xxxxxxxxxxx (tcpdump and libpcap both come from the
> > same group).
> >
> > However, there are core libpcap developers who are also core Wireshark
> > developers, so some of us will see them either way.
> >
> > > So, is there a special syntax for pcap to specify the DCCP port, if
> > > that is
> > > available at all?
> >
> > Unfortunately, there currently isn't any DCCP capture filter support
> > in libpcap.
> >
> > I'll look at adding it at some point, but it probably won't be in any
> > release soon.  (Neither libpcap nor tcpdump nor Wireshark are my day
> > job, and there's a bunch of other stuff going on as well.)
> >
> > Chris Maynard's workaround is worth trying.

-- 
Ktawut Tappayuthpijarn

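
Added example (not part of the original thread): a Python sketch of the offset arithmetic in the quoted filter, run on constructed IPv4/DCCP packets, showing why taking the header length from ip[0] matters once IP options are present. It goes slightly beyond the thread by adding a field offset: per RFC 4340 the DCCP source port is the first two bytes of the header and the destination port the next two. The function names, the source address and port 5001 are assumptions.

```python
import struct

DCCP_PROTO = 33                       # value tested by ip[9]==33
DST = bytes([192, 168, 1, 30])        # "dst 192.168.1.30" from the filter

def build_ipv4_dccp(src_port, dst_port, ip_options=b""):
    """Constructed sample packet: IPv4 header (+options) and a 12-byte
    DCCP generic header with only the ports filled in (checksums zero)."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to 4 bytes")
    ihl = 5 + len(ip_options) // 4
    dccp = struct.pack("!HH", src_port, dst_port) + b"\x00" * 8
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                     ihl * 4 + len(dccp), 0, 0, 64, DCCP_PROTO, 0,
                     bytes([192, 168, 1, 10]), DST)   # source is made up
    return ip + ip_options + dccp

def _u16(pkt, off):
    """Equivalent of ip[off:2]; returns None if the packet is too short."""
    if off + 2 > len(pkt):
        return None
    return struct.unpack_from("!H", pkt, off)[0]

def match_variable(pkt, port, field_off=0):
    """dst && ip[9]==33 && ip[((ip[0]&0x0f)<<2)+field_off:2]==port"""
    hdr_len = (pkt[0] & 0x0F) << 2    # IHL is in 32-bit words
    return (pkt[16:20] == DST and pkt[9] == DCCP_PROTO
            and _u16(pkt, hdr_len + field_off) == port)

def match_fixed(pkt, port, field_off=0):
    """Same test with a hard-coded 20-byte IP header: ip[20+field_off:2]"""
    return (pkt[16:20] == DST and pkt[9] == DCCP_PROTO
            and _u16(pkt, 20 + field_off) == port)

if __name__ == "__main__":
    plain = build_ipv4_dccp(40001, 5001)
    opts = build_ipv4_dccp(40001, 5001, ip_options=b"\x01" * 4)  # 4 NOPs
    for name, pkt in (("no options", plain), ("with options", opts)):
        print(name,
              "variable:", match_variable(pkt, 40001),
              "fixed:", match_fixed(pkt, 40001),
              "dst port (+2):", match_variable(pkt, 5001, field_off=2))
```

In capture-filter syntax the destination-port variant corresponds to ip[(((ip[0]&0x0f)<<2)+2):2].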