Wireshark-users: Re: [Wireshark-users] Need filters
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 23 Jun 2010 23:43:32 +0200
On 06/23/2010 11:00 PM, David H. Lipman wrote:
From: "Guy Harris"<guy@xxxxxxxxxxxx>


| On Jun 22, 2010, at 3:28 PM, David H. Lipman wrote:

What do I need to provide the site owner to implement the rule(s) on his
server ?

| You need to tell them

| Please filter out all traffic to or from UDP port 137 from the pcaps you generate,
| however that happens to be done.

| Because you haven't told us how the pcap file is generated, we cannot give you anything
| more detailed than that.

The server admin provided the following to me Today...

"I record pcap with tshark, so what I need is a tshark capture filter."



Hi,

Well then, tell him to add:
	-f "not udp port 137"
to the tshark command line.

Thanks,
Jaap