Wireshark · Wireshark-users: [Wireshark-users] Woes with batch file...plz assist !!!

Wireshark-users: [Wireshark-users] Woes with batch file...plz assist !!!

Date: Mon, 16 Aug 2010 16:15:26 -0500

Users -

I have been using Wireshark to capture test data. The Wireshark filter is as follows:

ip.src="" and (ip[0:] contains 00:00:87:00:00:00:18) or (ip[0:] contains 00:00:86:00:00:00:50)

The desire is to parse all traffic by the Unit Under Test IP (10.10.2.1), then finding a record payload that has either the 87 or 86 above (tells me fault files).

Life is great and working with Wireshark (nice tool!!!) but here is my problem... I need to automate w/o a user intervention. I have a batch file working but the Wireshark filter above is NOT a cut and paste for the Command Prompt...:

"c:\program files\wireshark\dumpcap.exe" -i 1 -f "src host 10.10.2.1 && (ip[51:1] = 134 || ip[51:1] = 135)" -a duration:60 -w C:\backup\Captures\PBIT_cap.txt

This assumes that the 86/134 dec and 87/135 dec are in a fixed location....murphy now shows it's ugly head and it is in different places in the payload of the ethernet record. So I tried to get the "ip[0:] " working. How do I do this as it seems not to allow dynamic searching during capture??

Thanks,

Mr. Steven Blaber
Principle Test Equipment Engineer, Test Solutions,
Rockwell Collins Government Systems
319-295-4790

Follow-Ups:
- Re: [Wireshark-users] Woes with batch file...plz assist !!!
  - From: Martin Visser

Prev by Date: Re: [Wireshark-users] how can I filter on traffic that is (a) going in/out through the company internet proxy [e.g. proxy.mycompany.com] and (b) to/from my PC?
Next by Date: Re: [Wireshark-users] how can I filter on traffic that is (a) going in/out through the company internet proxy [e.g. proxy.mycompany.com] and (b) to/from my PC?
Previous by thread: Re: [Wireshark-users] IP Options TimeStamp
Next by thread: Re: [Wireshark-users] Woes with batch file...plz assist !!!
Index(es):
- Date
- Thread