Wireshark · Wireshark-users: Re: [Wireshark-users] -d option does not listen to the port I choose

Wireshark-users: Re: [Wireshark-users] -d option does not listen to the port I choose

From: Bill Meier <wmeier@xxxxxxxxxxx>

Date: Thu, 02 Sep 2010 23:29:31 -0400

James Hozier wrote:

tshark -i en1 -tad -lnx -d tcp.port==7001,irc -R 'irc'

When I start to see the packets on my screen, they are from port 6667,
not from port 7001. Anything from port 7001 I do not see, but it listens
to port 6667 for some reason? Why does it do this?


-d ...  means decode any traffic on tcp port 7001 as irc;
        (it does *not* mean 'listen on this port)
-R .. means filter on irc packets.

So: I think the above means filter on irc:
    - on port 6667 which is the normal tcp port for irc
      (from looking at the irc dissector code);
    - and on on port 7001;

If you want to just see port 7001 traffic you should use
-R 'tcp.port==7001'

Follow-Ups:
- Re: [Wireshark-users] -d option does not listen to the port I choose
  - From: James Hozier

References:
- [Wireshark-users] -d option does not listen to the port I choose
  - From: James Hozier

Prev by Date: [Wireshark-users] -d option does not listen to the port I choose
Next by Date: Re: [Wireshark-users] -d option does not listen to the port I choose
Previous by thread: [Wireshark-users] -d option does not listen to the port I choose
Next by thread: Re: [Wireshark-users] -d option does not listen to the port I choose
Index(es):
- Date
- Thread