Hi,
How can I add a network address condition to the following filter ?
“ip proto 4 and ip[20+9]=17 and (ip[20+20+0:2]=5060 or ip[20+20+2:2]=5060)”
I want to add a source/dest network condition like “net 10.10.0.0/16” , or “net 192.168.202.96/27”
Thanks,
ilker
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx]
On Behalf Of Aktuna, Ilker, Vodafone Turkey
Sent: Thursday, August 30, 2012 11:11 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] tcpdump forum ?
Yes, the filter worked fine. Thanks.
Well,it was working somehow. Maybe some version of libpcap was supporting it, is it impossible ?
I didn’t use tshark. I know that its display filters support this but they are not effective when capturing to file :(
Cheers,
ilker
Sorry if I was misleading. I didn’t state that I could write the patch for “ipip” . I meant that I could compile if the required
code is supplied. I thought it was a easy for you to supply the required code. From your recent post I understand that I was wrong. So I’ll try to use what you suggested as a capture filter. (Thanks for the filter by the way)
Did the filter work?
But I wonder how “tcpdump” started
not supporting this , as it was working fine on the previous server.
Any ideas ?
It sounds unlikely that it had ever worked. Are you sure you had ipip traffic back then? Or did you use tshark? Tshark is ipip aware in it's display filters (not in it's capture filters).
Yasal Uyarı :
Bu elektronik posta işbu linki kullanarak ulaşabileceğiniz Koşul ve Şartlar dokumanına tabidir
http://www.vodafone.com.tr/VodafoneHakkinda/eposta-hukuki-sartlar.php
