Ask Your Question
0

Invalid capture Filter

asked 2022-12-07 12:02:05 +0000

I have a Problem with my IP Telefon and the Partner want me to monitor the Network with Wireshark. I created a batch to start Wireshark on Startup with the following cmd line:

C:\Programme\wireshark>wireshark -i \Device\NPF_{23EA96D6-BEE6-405B-B124-B6E0D919C34F} -f "net 66.81.246.0/20" -b filesize:10000 -w "C:\Users\EIBL\OneDrive\wiresharklogs\wireshark.pcap" -k --no-promiscuous-mode

The Problem is the /20 on -f "net 66.81.246.0/20" if i do /24 it works but on /22 or less i get an error. Can anybody help me?

did also try "net XXX.XXX.XXX.XXX mask XXX.XXX.XXX.XXX" but i wont work below /22

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2022-12-07 13:19:35 +0000

Jaap gravatar image

Let's work out the network address:


    66       81      246        0
01000010  01010001 11110110  00000000

so a /24 would become


    66       81      246        0
01000010  01010001 11110110  ........

that works, because these were all zeros that were dropped.

a /23 would become


    66       81      246        0
01000010  01010001 1111011.  ........

that works, because these were all zeros dropped.

a /22 would become


    66       81      246        0
01000010  01010001 111101..  ........

that fails because there was a one there.

So, turning this around, the network address for /20 would be


01000010  01010001 1111.... ........
    66       81      240        0
edit flag offensive delete link more

Comments

you are absolute right. A shame i didn´t get it by myself. Thank you very much for clearing this out!

Neotreitz gravatar imageNeotreitz ( 2022-12-07 13:27:14 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2022-12-07 12:02:05 +0000

Seen: 473 times

Last updated: Dec 07 '22