That's so obvious, ... and it works ...
Thanks much
regards
ric
-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: Wednesday, April 16, 2003 5:56 PM
To: Ric Rocheleau
Cc: 'ethereal-users@xxxxxxxxxxxx'
Subject: Re: [Ethereal-users] Writing Capture filters
On Wed, Apr 16, 2003 at 01:52:49PM -0700, Ric Rocheleau wrote:
> There must be some cheat sheet out there for writing capture filters in
> Ethereal
Well, they're libpcap capture filters, and so are tcpdump filters; the
tcpdump/WinDump man page has some examples.
> I want to have a simple capture filter that picks up all DHCP
> traffic on some network.
If the DHCP traffic is on the standard BOOTP ports (67 and 68), you can
do
    udp port 67 or udp port 68
or, if the services database ("/etc/services" or the equivalent NIS/etc.
database on UNIX, whatever the file is on Windows) has the right
entries:
    udp port bootpc or udp port bootps
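
What the filter in the message above tests on each packet, written out as an added Python example (not part of the original thread and not libpcap's code). It covers only the Ethernet/IPv4 path; the frames are constructed sample data, and `matches_dhcp_filter` and `build_frame` are hypothetical names.

```python
import struct

BOOTP_PORTS = {67, 68}  # bootps (server) and bootpc (client)

def matches_dhcp_filter(frame: bytes) -> bool:
    """Apply the checks behind 'udp port 67 or udp port 68' (Ethernet/IPv4 only)."""
    if len(frame) < 14 + 20:
        return False
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:  # EtherType must be IPv4
        return False
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4          # header length grows when IP options are present
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4:
        return False
    if ip[9] != 17:                   # protocol field: 17 = UDP
        return False
    if struct.unpack_from("!H", ip, 6)[0] & 0x1FFF:
        return False                  # later fragments carry no UDP header to test
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    # "port" means source OR destination, so both directions are captured
    return sport in BOOTP_PORTS or dport in BOOTP_PORTS

def build_frame(proto, sport, dport, options=b"", frag_offset=0):
    """Constructed sample frame: broadcast Ethernet + IPv4 + port fields + padding."""
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", 0x0800)
    ihl_words = 5 + len(options) // 4
    l4 = struct.pack("!HH", sport, dport) + bytes(16)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, ihl_words * 4 + len(l4),
                     0, frag_offset, 64, proto, 0, bytes(4), b"\xff" * 4)
    return eth + ip + options + l4

if __name__ == "__main__":
    samples = {
        "client -> server (68 -> 67)": build_frame(17, 68, 67),
        "server -> client with IP options": build_frame(17, 67, 68, b"\x01\x01\x01\x00"),
        "TCP on port 67": build_frame(6, 40000, 67),
        "DNS over UDP": build_frame(17, 40000, 53),
        "non-first fragment": build_frame(17, 67, 68, frag_offset=185),
    }
    for name, frame in samples.items():
        print(f"{name:35s} captured={matches_dhcp_filter(frame)}")
```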