Wireshark-users: Re: [Wireshark-users] Need filters
From: "David H. Lipman" <DLipman@xxxxxxxxxxx>
Date: Tue, 22 Jun 2010 18:28:26 -0400
From: "Guy Harris" <guy@xxxxxxxxxxxx>


| On Jun 22, 2010, at 2:44 PM, David H. Lipman wrote:

I attached two PCAP files in a ZIP file with data that we do NOT need to
see in a resultant report.

| dump.pcap and dump1.pcap have a bunch of NBNS traffic; try the filter "not udp port
| 137". That's not SMB - that's either TCP port 139 or TCP port 445, possibly with some
| UDP port 138 stuff, too, so "not udp port 137" should filter out the stuff in your two
| capture files without filtering out SMB traffic.



What do I need to provide the site owner to implement the rule(s) on his server?