"On what version of what OS are you running Wireshark?"
Win XP Pro SP3
"What version of libpcap/WinPcap does the About box (Help -> About
Wireshark) say Wireshark is using? (Both "compiled with" and "running
with".)"
Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos, with PortAudio V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
Chuck
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Tuesday, February 17, 2009 11:01 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] SYN Capture Filter issue
On Feb 17, 2009, at 9:35 AM, Bland Chuck-CNGR85 wrote:
> WS Version 1.0.5 (SVN Rev 26954)
>
> Capture Filter: "tcp[13] & 0x02 = 2" (no quotes)
>
If I run your capture through
    tcpdump -r /tmp/SYN\ Filter\ Test.pcap -w /tmp/foo.pcap 'tcp[13] & 0x02 = 2'
on my machine (Mac OS X 10.5.5), the resulting foo.pcap file is shorter
and contains only SYN segments.
On what version of what OS are you running Wireshark?
What version of libpcap/WinPcap does the About box (Help -> About
Wireshark) say Wireshark is using? (Both "compiled with" and "running
with".)
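Added example, not part of the original thread and not Wireshark or libpcap code: a Python evaluation of the capture filter tcp[13] & 0x02 = 2 over constructed frames, showing that it passes any segment with the SYN bit set (SYN and SYN+ACK) and nothing else. It assumes Ethernet framing and IPv4; the function names and sample frames are hypothetical.

```python
import struct

TH_SYN = 0x02  # SYN bit; the TCP flags byte is at offset 13 of the TCP header

def build_frame(flags, ihl_words=5, proto=6, frag_off=0):
    """Constructed Ethernet/IPv4/TCP frame (sample data, checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, ihl_words * 4 + 20,
                     0, frag_off, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip += b"\x00" * (ihl_words * 4 - 20)  # zero-filled IP options if ihl_words > 5
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp

def syn_filter_matches(frame):
    """Evaluate tcp[13] & 0x02 = 2 against one Ethernet frame."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return False                      # not IPv4
    if frame[23] != 6:
        return False                      # IP protocol is not TCP
    if struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
        return False                      # later fragment: no TCP header here
    tcp_start = 14 + (frame[14] & 0x0F) * 4   # IHL gives the IP header length
    if len(frame) <= tcp_start + 13:
        return False                      # truncated before the flags byte
    return (frame[tcp_start + 13] & TH_SYN) == 2

def run_samples():
    """Apply the filter to constructed segments with different flag bytes."""
    samples = {"SYN": 0x02, "SYN+ACK": 0x12, "ACK": 0x10,
               "FIN+ACK": 0x11, "RST": 0x04}
    return {name: syn_filter_matches(build_frame(flags))
            for name, flags in samples.items()}

if __name__ == "__main__":
    for name, matched in run_samples().items():
        print(f"{name:8s} {'captured' if matched else 'dropped'}")
```

The index 13 is relative to the start of the TCP header, so the IP header length has to be read from each packet rather than assumed to be 20 bytes.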