Ask Your Question
0

Capture from only one Port in wireshark and tshark

asked 2018-06-13 04:24:52 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

hi, is it possible to capture from only one port in wireshark and tshark? in wireshark if we use udp.port==1000 in filter tab, all packets capture but only packets with udp.port==1000 are displayed. However i want to capture packets of only one port?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-06-13 04:38:03 +0000

Guy Harris gravatar image

However i want to capture packets of only one port?

That's what capture filters are for.

Those are implemented by libpcap/WinPcap, and (due to the way they're implemented, often in the kernel-mode networking stack) have limited capabilities, so their syntax is different.

The capture filter you'd want would be udp port 1000.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-06-13 04:24:52 +0000

Seen: 714 times

Last updated: Jun 13 '18

Related questions

How do I change the interface on Tshark?

Tshark output file problem, saving to csv or txt

Can I create a capture filter on a pcap file

Wireshark capture with ET2000

Resolve frame subtype and export to csv

wireshark does not capture packets from wifi nic - windows 8

Why did file size become bigger after applying filtering on tshark?

Tshark output incomplete in real time

Using tshark to capture and Read filter at the same time

What kind of HW timestamp is now supported with Wireshark 2.6.0?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2