Wireshark · Wireshark-users: Re: [Wireshark-users] View Filter -> Capture Filter

Wireshark-users: Re: [Wireshark-users] View Filter -> Capture Filter

Date: Thu, 26 Oct 2006 16:49:45 +1000

Quoting Stephen Fisher <stephentfisher@xxxxxxxxx>:

Cheers, I had tried using 'tcp port 389' but in needing to do a 24hr
capture resulted in a lot of info. Even when splitting the data amongst
multiple files resulted in 10Mb x 260 files. Opening this many files
would be too much. I'm not sure of what the maximum file size WireShark
can handle in opening, may give 150Mb a go instead of 10Mb multiple file
sizes.

Thanks

> On Thu, Oct 26, 2006 at 02:33:19PM +1000, sallas@xxxxxxxxxx wrote:
> 
> > Anybody knows what the Capture Filter equivalent is of the
> following 
> > View Filter: ldap.authentication == 0
> > 
> > I am basically trying to whittle down my capture to simple 
> > authentication requests over LDAP (389) as part of an investigation
> 
> > into using LDAPS.
> 
> Unfortunately, there is no way to get that much detail in a capture 
> filter.  The best you can do is set the capture filter to only
> capture 
> LDAP traffic with "tcp port 389".
> 
> 
> Steve
> 
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>

Follow-Ups:
- Re: [Wireshark-users] View Filter -> Capture Filter
  - From: Stephen Fisher
- Re: [Wireshark-users] View Filter -> Capture Filter
  - From: Jim Young

References:
- [Wireshark-users] View Filter -> Capture Filter
  - From: sallas
- Re: [Wireshark-users] View Filter -> Capture Filter
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-users] View Filter -> Capture Filter
Next by Date: Re: [Wireshark-users] View Filter -> Capture Filter
Previous by thread: Re: [Wireshark-users] View Filter -> Capture Filter
Next by thread: Re: [Wireshark-users] View Filter -> Capture Filter
Index(es):
- Date
- Thread