Wireshark-users: Re: [Wireshark-users] Display Filter for Physical address of a Wireless adapter?
tried these combinations with no luck:
wireshark -f "udp port 37112
" -R"wlan.addr==\"00:w3:d2:90:4c:05\"" -i2 -k
wireshark -f "udp port 37112
" -R'wlan.addr==00:w3:d2:90:4c:05' -i2 -k
wireshark -f "udp port 37112
" -R wlan.addr==00:w3:d2:90:4c:05 -i2 -k
The problem is that it displays all the packets on that port without filtering the display based on the MAC ID that I provided. But it works on tshark though
On Tue, Apr 8, 2008 at 5:47 PM, Vinay Chilakamarri <
vinay.chilakamarri@xxxxxxxxx> wrote:
Hi,
seems like the Wireshark is ignoring the dislpay argument. I tried this with wireshrak:
wireshark -f "udp port 37112" -R"wlan.addr==00:w3:d2:90:4c:05" -i2 -k
and its displays all packets(without filtering the ones based on the mac i gave), where as
tshark -f "udp port 37112" -R"wlan.addr==00:w3:d2:90:4c:05" -i2
works just fine(it filters the packets based on the mac). Also I observed that when I apply the display filter after wireshark gui came up, it works... any clue on whats wrong with the above command?
Thanks.
On Tue, Apr 8, 2008 at 5:05 PM, Vinay Chilakamarri <
vinay.chilakamarri@xxxxxxxxx> wrote:
Hey i figured it. For those who are curious to know, this _expression_ does it: wlan.addr==xx:xx:xx:xx:xx:xxOn Tue, Apr 8, 2008 at 4:21 PM, Vinay Chilakamarri <
vinay.chilakamarri@xxxxxxxxx> wrote:
Hi,
I am trying to filter the packets that I captured ( from TZSP protocol) based on the physical address of a Wireless Adapter. Can anyone point me to the command line argument available for doing this? Right now my command looks something like this:
wireshark -f "udp port 37112" -i2 -k
I read that -R is for display filter but I am not sure what _expression_ does the job. Any help on this is greatly appreciated.
Thank you!
-Vinay
