Wireshark · Ethereal-users: Re: [Ethereal-users] what should i do to capture SNMP packet only in myNIC??

Ethereal-users: Re: [Ethereal-users] what should i do to capture SNMP packet only in myNIC??

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>

Date: Tue, 17 Jun 2003 17:02:30 +0100

Bene Tam wrote:        
<what should i do to capture SNMP packet only in myNIC??
<

<I would like to specify protocol instead of udp or port no.


Ethereal uses libpcap/Winpcap for capturing and the capture filter syntax is described in the documentation for the corresponding tcpdump/WinDump man-page.
http://windump.polito.it/docs/manual.htm
http://www.tcpdump.org/tcpdump_man.html

You can use capture filters like "udp port 161 or 162" if the default SNMP/SNMP-TRAP ports are used.
A filter "udp port \snmp or \snmp-trap" will probably also work and be equivalent to "udp port 161 or 162" 

"snmp" is a valid diplay filter - but not a valid capture filter. Ethereal may however not decode SNMP packets sent to/from other
ports than the default ports (161/162) as SNMP packets - and then that filter will not work. 
You'll have to use the "Decode As.." functionality if other ports are used.

Prev by Date: [Ethereal-users] what should i do to capture SNMP packet only in my NIC??
Next by Date: [Ethereal-users] problem running ethereal from solaris.
Previous by thread: [Ethereal-users] what should i do to capture SNMP packet only in my NIC??
Next by thread: [Ethereal-users] problem running ethereal from solaris.
Index(es):
- Date
- Thread