Wireshark · Wireshark-users: Re: [Wireshark-users] UDP port range in Tshark

Wireshark-users: Re: [Wireshark-users] UDP port range in Tshark

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 1 Dec 2009 12:34:45 -0800


On Dec 1, 2009, at 9:26 AM, Boaz Galil wrote:

The problem is when I want to use the same command for UDP e.g : “"-f "host x.x.x.x and ((udp [2:2] >= 20 and udp [2:2] <= 80) or(udp [0:2] >= 20 and udp [0:2] <= 80))" I am not getting any errorbut I am also not getting any results inside the packet capture file.

Are you getting any traffic to or from UDP ports 20 through 80 on yournetwork?

(BTW, newer versions of libpcap support "host x.x.x.x and {tcp,udp}portrange 20-80".)

Follow-Ups:
- Re: [Wireshark-users] UDP port range in Tshark
  - From: Boaz Galil

References:
- [Wireshark-users] UDP port range in Tshark
  - From: Boaz Galil

Prev by Date: Re: [Wireshark-users] Slow database access
Next by Date: Re: [Wireshark-users] UDP port range in Tshark
Previous by thread: [Wireshark-users] UDP port range in Tshark
Next by thread: Re: [Wireshark-users] UDP port range in Tshark
Index(es):
- Date
- Thread