I am trying now to create a filter for ALL udp ports.
Can you help me with the syntax?
port udp <something?>
Is there a definitive reference for ethereal so I don't have to keep bugging
you guys.
Thanks for your help.
Mitch Smith
-----Original Message-----
From: McNutt, Justin M. [mailto:McNuttJ@xxxxxxxxxxxx]
Sent: Sunday, December 03, 2000 12:17 PM
To: 'Gerald Combs'; Mitchell K. Smith
Cc: 'ethereal-users@xxxxxxxxxxxx'
Subject: RE: [Ethereal-users] help with filter syntax
That will work, but remember that SNMP traps are sent on UDP port 162 (by
default). Try:
udp.port == 161 or udp.port == 162
--J
> -----Original Message-----
> From: Gerald Combs [mailto:gerald@xxxxxxxx]
> Sent: Thursday, November 30, 2000 1:58 PM
> To: Mitchell K. Smith
> Cc: 'ethereal-users@xxxxxxxxxxxx'
> Subject: Re: [Ethereal-users] help with filter syntax
>
>
> On Thu, 30 Nov 2000, Mitchell K. Smith wrote:
>
> > Greetings.
> >
> > I am new to using Ethereal and I need some help with the
> filter syntax.
> > I am using version 0.8.14.
> >
> > I am trying to capture SNMP packets only.
> >
> > I read the tcpdump man page but I still don't "get it"
> >
> > What would the syntax be for the filter field?
>
> SNMP uses UDP port 161, so the capture filter would be "udp
> port 161", or
> simply "port 161". In case you need it the display filter would be
> "snmp" or "udp.port == 161".
>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>