Wireshark-users: Re: [Wireshark-users] pcap filter for ingress egress selection

From: Oguz Yilmaz <oguzyilmazlist@xxxxxxxxx>
Date: Mon, 4 Jul 2011 14:37:56 +0300
I will follow developments on pcap-ng.

Thanks.

--
Oguz YILMAZ



On Sat, Jul 2, 2011 at 11:00 AM, Sake Blok <sake@xxxxxxxxxx> wrote:
> On 24 jun 2011, at 11:10, Oguz Yilmaz wrote:
>
>> Is there any pcap filter for selecting packets according to their
>> direction? My solution was using "ether dst" or "ether src". However,
>> this depends on knowing the MAC address of the interface. I want to ask
>> whether there is another way of selecting ingress and egress
>> packets separately.
>
> The pcap format does not provide means to store the direction of a packet (or the interface on which it was captured). So when using pcap files, you will have to filter by mac-addresses and/or IP addresses. This does however mean you have to know the topology of the network.
>
> In pcap-ng, I think there is the possibility to store interface and direction information. But AFAIK this has not been implemented in Wireshark yet (pcap-ng support is slowly increasing in Wireshark).
>
> Hope this helps,
> Cheers,
>
>
> Sake
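The MAC-based approach discussed in this thread, as an added example that is not part of the original messages: a classic pcap record header holds only timestamps and lengths, so direction is inferred by comparing each frame's Ethernet addresses with the capturing interface's MAC. All MAC addresses and the capture bytes are constructed sample values, and the function names are hypothetical.

```python
import struct

IFACE = bytes.fromhex("020000000001")  # assumed MAC of the capturing interface
PEER = bytes.fromhex("020000000002")   # constructed peer MAC
THIRD = bytes.fromhex("020000000003")  # constructed third host
BCAST = b"\xff" * 6

def eth(dst, src):
    """Constructed minimal Ethernet frame: dst, src, EtherType 0x0800, padding."""
    return dst + src + b"\x08\x00" + bytes(46)

def build_pcap(frames):
    """Constructed capture: classic pcap, little-endian, LINKTYPE_ETHERNET (1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = build_pcap([eth(PEER, IFACE), eth(IFACE, PEER),
                     eth(BCAST, PEER), eth(PEER, THIRD)])

def classify_direction(pcap_bytes, iface_mac):
    """Label every frame as seen from iface_mac (what 'ether src'/'ether dst' select)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET is handled")
    labels, off = [], 24
    while off + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_usec, incl_len, orig_len. No direction field.
        incl_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            labels.append("truncated")
        elif frame[6:12] == iface_mac:
            labels.append("egress")    # source is our interface
        elif frame[0:6] == iface_mac or frame[0] & 1:
            labels.append("ingress")   # unicast to us, or broadcast/multicast from others
        else:
            labels.append("other")     # third-party unicast seen in promiscuous mode
    return labels

if __name__ == "__main__":
    print(classify_direction(SAMPLE, IFACE))
```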