Wireshark · Wireshark-users: Re: [Wireshark-users] Yum install centos 5.2

Wireshark-users: Re: [Wireshark-users] Yum install centos 5.2

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Sun, 11 Oct 2009 14:45:44 -0700


On Oct 11, 2009, at 2:28 PM, Mike Brandonisio wrote:

Since tshark appears to work I'm trying to record HELOs/EHLOs for aspecific IP, the value of the HELOs/EHLOs.
I have this so far:

tshark -f "port 25" -R "ip.src==74.xx.xx.xx"


I'd try

	tshark -f "port 25 and src host 74.xx.xx.xx"

which will do all the filtering in libpcap/the kernel.

However, if the HELO/EHLOs are coming on port 587 rather than port 25,try


	tshark -f "port 587 and src host 74.xx.xx.xx".

I'm assuming here that the HELOs/EHLOs are coming *from* 74.xx.xx.xx;if not, try


	tshark -f "port 587 and dst host 74.xx.xx.xx"

Follow-Ups:
- Re: [Wireshark-users] Yum install centos 5.2
  - From: Mike Brandonisio
- Re: [Wireshark-users] Yum install centos 5.2
  - From: Mike Brandonisio

References:
- [Wireshark-users] Yum install centos 5.2
  - From: Mike Brandonisio
- Re: [Wireshark-users] Yum install centos 5.2
  - From: Guy Harris
- Re: [Wireshark-users] Yum install centos 5.2
  - From: Mike Brandonisio
- Re: [Wireshark-users] Yum install centos 5.2
  - From: Guy Harris
- Re: [Wireshark-users] Yum install centos 5.2
  - From: Mike Brandonisio

Prev by Date: Re: [Wireshark-users] Yum install centos 5.2
Next by Date: Re: [Wireshark-users] Yum install centos 5.2
Previous by thread: Re: [Wireshark-users] Yum install centos 5.2
Next by thread: Re: [Wireshark-users] Yum install centos 5.2
Index(es):
- Date
- Thread