Ask Your Question
0

Filter expression help request

asked 2019-12-03 23:07:08 +0000

Guerrette gravatar image

I was using this expression but it stopped working.

!(ip.addr == 208.67.222.220,208.67.222.222,208.67.220.220) tcp.port == 53 || udp.port == 53

What did I do wrong?

Thanks, Curt [email protected]

edit retag flag offensive close merge delete

Comments

Can you describe what the filter is supposed to match or not match?

Chuckc gravatar imageChuckc ( 2019-12-03 23:09:47 +0000 )edit

not match 208.67.222.220,208.67.222.222,208.67.220.220 and equal tcp.port == 53 || udp.port == 53 to find bad recursive DNS requests

Guerrette gravatar imageGuerrette ( 2019-12-03 23:29:32 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-12-03 23:38:51 +0000

Chuckc gravatar image 
!ip.addr in { 208.67.222.220 208.67.222.222 208.67.220.220} and (tcp.port == 53 || udp.port == 53)
edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2019-12-03 23:07:08 +0000

Seen: 580 times

Last updated: Dec 03 '19

Related questions

Why there is port mismatch in tcp and http header for port 51006. Also why the netstat in server do not shows connections under port 51006 even traffic is coming to this port.

Localhost capturing

Port Unreachable

SCCP on tcp port 2005 ?

How are FTP ports decided ?

I cannot enter a filter for tcp port 61883. What is so special about this number?

How to determine which processes are sending CLDAP Protocol to DST Port 389

How do I only dissect packets within a range of IP addresses but any port?

Wireshark keeps getting source port incorrect

Wireshark can sniff ethernet frame over serial port?