Revision history [back]

We have setup a wireshark monitoring server in our lab. We have used capture filter to filter traffic from specific ports. However there is a lot of SCTP heartbeat exchange and Device watch dog requests/responses between the nodes and this is causing overload on the server and the wireshark application is slowing down.

Is it possible to use capture filter on SCTP level to filter out SCTP heartbeat chunks and DWR/DWA? Is this supported yet by the wireshark application? I tried below command for which an answer on this website was provided on 07th Aug 2014. But i got a syntax error.Can you please provide me with correct syntax ?

sudo tcpdump -i eth1 sctp ip[x:1]=04 and ip[x:1]=05

We have setup a wireshark monitoring server in our lab. We have used capture filter to filter traffic from specific ports. However there is a lot of SCTP heartbeat exchange and Device watch dog requests/responses between the nodes and this is causing overload on the server and the wireshark application is slowing down.

Is it possible to use capture filter on SCTP level to filter out SCTP heartbeat chunks and DWR/DWA? Is this supported yet by the wireshark application? I tried below command for which an answer on this website was provided on 07th Aug 2014. But i got a syntax error.Can you please provide me with correct syntax ?

sudo tcpdump -i eth1 sctp ip[x:1]=04 and ip[x:1]=05