Wireshark · Wireshark-users: Re: [Wireshark-users] -d option does not listen to the port I choose

Wireshark-users: Re: [Wireshark-users] -d option does not listen to the port I choose

From: James Hozier <guitarscn1@xxxxxxxxx>

Date: Thu, 2 Sep 2010 21:26:32 -0700 (PDT)

> From: Bill Meier <wmeier@xxxxxxxxxxx>
> Subject: Re: [Wireshark-users] -d option does not listen to the port I choose
> To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Date: Friday, September 3, 2010, 3:29 AM
> James Hozier wrote:
> > tshark -i en1 -tad -lnx -d tcp.port==7001,irc -R
> 'irc'
> > 
> > When I start to see the packets on my screen, they are
> from port 6667,
> > not from port 7001. Anything from port 7001 I do not
> see, but it listens
> > to port 6667 for some reason? Why does it do this?
> > 
> > 
> >       
> 
> -d ...  means decode any traffic on tcp port 7001 as
> irc;
>          (it does *not* mean
> 'listen on this port)
> -R .. means filter on irc packets.
> 
> So: I think the above means filter on irc:
>      - on port 6667 which is the normal
> tcp port for irc
>        (from looking at the irc
> dissector code);
>      - and on on port 7001;
> 
> If you want to just see port 7001 traffic you should use
> -R 'tcp.port==7001'
> 
> 
> 

Okay so then I have this:
tshark -i en1 -tad -lnx -R 'tcp.port==7001'

How do I specify IRC only? And not other packets?

Follow-Ups:
- Re: [Wireshark-users] -d option does not listen to the port I choose
  - From: Sake Blok

References:
- Re: [Wireshark-users] -d option does not listen to the port I choose
  - From: Bill Meier

Prev by Date: Re: [Wireshark-users] -d option does not listen to the port I choose
Next by Date: Re: [Wireshark-users] dumpcap permissions on files created
Previous by thread: Re: [Wireshark-users] -d option does not listen to the port I choose
Next by thread: Re: [Wireshark-users] -d option does not listen to the port I choose
Index(es):
- Date
- Thread