Ask Your Question

Command Line port filter

asked 2020-05-22 09:09:17 +0000

I have use Command Lind to start Wire Shark capture fallow this- wireshark -i LAN_B -i LAN_A -k -f "dst port 9500" -S -l -b duration:60 --ring-buffer files:10 -w D:\tmp\test03

All Function that work except Filter Function, I do"nt know why it not work where this thing wrong and how to soult this???

edit retag flag offensive close merge delete


In what way is it not working, does it exclude traffic you want or include traffic you didn't want?

Do you have VLAN tagged traffic?

grahamb gravatar imagegrahamb ( 2020-05-22 09:44:50 +0000 )edit

The capture filter is not used when two interfaces are defined. I tried it and I've the same issue. Bug?

JasMan gravatar imageJasMan ( 2020-05-22 10:07:43 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2020-05-22 10:35:44 +0000

grahamb gravatar image

updated 2020-05-22 10:39:08 +0000

It depends on where you put the capture filter in the argument list. See the man page entry for the -f option:

This option can occur multiple times. If used before the first occurrence of the -i option, it sets the default capture filter expression. If used after an -i option, it sets the capture filter expression for the interface specified by the last -i option occurring before this option. If the capture filter expression is not set specifically, the default capture filter expression is used if provided.

The behaviour can be verified by omitting the -k flag and opening the Capture Options dialog and inspecting the capture filter for each interface.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2020-05-22 09:09:17 +0000

Seen: 407 times

Last updated: May 22 '20