Here's another detail....
Tcp[13]=2 works properly
tcp[13] & 0x02=2 passes other packets. Usually, the flag field equals
0x18.
Chuck
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Bland
Chuck-CNGR85
Sent: Tuesday, February 17, 2009 13:40 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] SYN Capture Filter issue
Guy,
I'm gonna bring one other detail in to this.
I noticed in the WinDump output that it said....
windump: listening on \Device\NPF_GenericDialupAdapter
I'm not using this interface. I am using another. In this case, it is a
Juniper Networks virtual interface, as I am tunnelled into my employers
network as I work from home.
I saw the -i option in WinDump but don't know how to spec the interface
I'm using.
Does this make any difference and do I need to repeat the commands using
a different interface?
Chuck
________________________________________________________________________
___
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe