Wireshark-users: Re: [Wireshark-users] Need filters
From: "David H. Lipman" <DLipman@xxxxxxxxxxx>
Date: Wed, 23 Jun 2010 17:00:16 -0400
From: "Guy Harris" <guy@xxxxxxxxxxxx>


| On Jun 22, 2010, at 3:28 PM, David H. Lipman wrote:

>> What do I need to provide the site owner to implement the rule(s) on his
>> server ?

| You need to tell them

| Please filter out all traffic to or from UDP port 137 from the pcaps you generate,
| however that happens to be done.

| Because you haven't told us how the pcap file is generated, we cannot give you anything
| more detailed than that.

The server admin provided the following to me Today...

"I record pcap with tshark, so what I need is a tshark capture filter."


-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp