Wireshark · Wireshark-users: Re: [Wireshark-users] Capture filter for ARP, DNS and PING

Wireshark-users: Re: [Wireshark-users] Capture filter for ARP, DNS and PING

From: "nilay yildirim" <nilayenator@xxxxxxxxx>

Date: Sun, 6 Jan 2008 20:47:34 -0500

Thanks. So how about if I wanted to only capture all packets to and from 10.10.10.10 ( host ip adress) but just arp, dns and ping? What does this changes? Or I need to create another filter???

arp or port domain or icmp[icmptype] = icmp-echo or icmp[icmptype] =
icmp-echoreply

On Jan 6, 2008 5:28 PM, Guy Harris <guy@xxxxxxxxxxxx > wrote:

nilay yildirim wrote:

> How can I set up a capture filter just to capture ARP, DNS and PING?

"DNS" generally means "traffic to or from the Domain Name System port",
and "PING" generally means "ICMP Echo and Echo Reply packets", so:

arp or port domain or icmp[icmptype] = icmp-echo or icmp[icmptype] =
icmp-echoreply
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Follow-Ups:
- Re: [Wireshark-users] Capture filter for ARP, DNS and PING
  - From: Guy Harris

References:
- [Wireshark-users] Capture filter for ARP, DNS and PING
  - From: nilay yildirim
- Re: [Wireshark-users] Capture filter for ARP, DNS and PING
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] [FIXED] Can't find USB device
Next by Date: Re: [Wireshark-users] Capture filter for ARP, DNS and PING
Previous by thread: Re: [Wireshark-users] Capture filter for ARP, DNS and PING
Next by thread: Re: [Wireshark-users] Capture filter for ARP, DNS and PING
Index(es):
- Date
- Thread