Wireshark · Wireshark-users: Re: [Wireshark-users] Need filters

Wireshark-users: Re: [Wireshark-users] Need filters

From: "David H. Lipman" <DLipman@xxxxxxxxxxx>

Date: Tue, 22 Jun 2010 18:28:26 -0400

From: "Guy Harris" <guy@xxxxxxxxxxxx>


| On Jun 22, 2010, at 2:44 PM, David H. Lipman wrote:

I attached two PCAP files in a ZIP file with data that we do NOT need to
see in a resultant report.

| dump.pcap and dump1.pcap have a bunch of NBNS traffic; try the filter "notudp port| 137". That's not SMB - that's either TCP port 139 or TCP port 445,possibly with some| UDP port 138 stuff, too, so "not udp port 137" should filter out the stuffin your two

| capture files without filtering out SMB traffic.

What do I need to provide the site owner to implement the rule(s) on hisserver ?

Follow-Ups:
- Re: [Wireshark-users] Need filters
  - From: Guy Harris

References:
- [Wireshark-users] Need filters
  - From: David H. Lipman
- Re: [Wireshark-users] Need filters
  - From: Jaap Keuter
- Re: [Wireshark-users] Need filters
  - From: David H. Lipman
- Re: [Wireshark-users] Need filters
  - From: Jaap Keuter
- Re: [Wireshark-users] Need filters
  - From: David H. Lipman
- Re: [Wireshark-users] Need filters
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] Need filters
Next by Date: Re: [Wireshark-users] Need filters
Previous by thread: Re: [Wireshark-users] Need filters
Next by thread: Re: [Wireshark-users] Need filters
Index(es):
- Date
- Thread