Wireshark-dev: Re: [Wireshark-dev] libpcap support for capturing DCCP packets with specific por

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Thu, 10 Sep 2009 09:26:20 -0400
Ktawut T.Pijarn wrote:

However, I also need to differentiate different DCCP connections using different DCCP ports too but libpcap doesn't capture anything for me when I specify the desired port in addition to the IP address in the capture filter, e.g. "dst 192.168.1.30 and src port 40001". It just does not capture anything for me.

So, is there a special syntax for pcap to specify the DCCP port, if that is available at all?


It appears that DCCP runs on top of IP and thus "DCCP port" is specified in the DCCP payload.

I strongly doubt that DCCP is a protocol which can be specified in a libpcap Capture Filter (and thus can be decoded to determine the DCCP port).

From the man tcpdump section about Capture filters:

"dst port port
  True  if  the  packet  is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
  destination port value of port.  The port can be a number  or  a  name
"


As the Wireshark man pages say:

"Capture Filter Syntax
See the manual page of pcap-filter(4) or, if that doesn't exist, tcpdump(8)."

for all the gory details about using Capture filters.   :)