Wireshark-users: Re: [Wireshark-users] UDP port range in Tshark

From: Boaz Galil <boaz20@xxxxxxxxx>
Date: Tue, 1 Dec 2009 22:46:27 +0200
We are using old version of winpcap. In any case we are sure that there is traffic between this range (as we are getting in - wireshark without any filter).


 
On Tue, Dec 1, 2009 at 10:34 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Dec 1, 2009, at 9:26 AM, Boaz Galil wrote:

> The problem is  when I want to use the same command for UDP e.g : “"
> -f "host x.x.x.x  and  ((udp [2:2] >= 20 and udp [2:2] <= 80) or
> (udp [0:2] >= 20 and  udp [0:2] <= 80))" I am not getting any error
> but I am also not getting any results inside the packet capture file.

Are you getting any traffic to or from UDP ports 20 through 80 on your
network?

(BTW, newer versions of libpcap support "host x.x.x.x and {tcp,udp}
portrange 20-80".)
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Boaz.