Ethereal-users: Re: [Ethereal-users] help with filter syntax

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 30 Nov 2000 12:39:24 -0800 (PST)
> SNMP uses UDP port 161, so the capture filter would be "udp port 161", or
> simply "port 161".

"udp port snmp" might also work, depending on whether the database
"getservbyname()" uses exists (probably "/etc/services", on a UNIX
machine, or an equivalent NIS map) and has an entry for "snmp" in it.

(It worked on both Solaris and Windows 2000 here - at least Ethereal
didn't complain about the filter expression, and an earlier attempt with
tcpdump actually saw SNMP traffic, although I guess I was lucky when I
did that test and happened to do it when there actually was SNMP
traffic; later attempts saw nothing, probably because there wasn't any
SNMP traffic on the wire, as neither Ethereal nor tcpdump saw anything
at the time of the later attempt.)
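
Added example, not part of the original message: a check of whether the local services database resolves "snmp" before relying on the symbolic filter, falling back to the numeric "udp port 161" form otherwise. Python's socket.getservbyname() wraps the same C library lookup; the helper names and the injectable resolver parameter are assumptions made for illustration.

```python
import socket


def resolve_service(name, proto, resolver=socket.getservbyname):
    """Return the port the services database maps name/proto to, or None."""
    try:
        return resolver(name, proto)
    except OSError:
        # Raised when the database is missing or has no entry for the name.
        return None


def capture_filter(name, proto, expected_port, resolver=socket.getservbyname):
    """Build a capture filter string for a named service.

    The symbolic form ("udp port snmp") is used only when the local services
    database resolves the name to the expected port. In every other case the
    numeric form ("udp port 161") is returned, since it does not depend on
    the database at all. Returns (filter_string, note).
    """
    numeric = f"{proto} port {expected_port}"
    port = resolve_service(name, proto, resolver)
    if port is None:
        return numeric, f"no '{name}/{proto}' entry in the services database"
    if port != expected_port:
        # A symbolic filter here would capture a different port than intended.
        return numeric, f"'{name}/{proto}' resolves to {port}, not {expected_port}"
    return f"{proto} port {name}", "name resolves as expected"


if __name__ == "__main__":
    # Result depends on this machine's /etc/services (or equivalent).
    flt, note = capture_filter("snmp", "udp", 161)
    print(f"{flt}    # {note}")
```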