This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Display filter with ip destination and port dest: what is wrong?

0
tshark -r "semAtaques.pcap" -Tfields -e frame.time_epoch -e tcp.window_size_value -e ip.dst -Y "ip.dst == 192.168.91.5" -e tcp.port eq 80 >> winTime_10Abril_SemAtaques.txt

asked 28 May '17, 17:38

foxmodem's gravatar image

foxmodem
6224
accept rate: 0%

edited 29 May '17, 08:05

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142

2 Answers:

1

-Y "ip.dst==192.168.91.5 && tcp.port==80" for all packets to 192.168.91.5 with 80 as either source or destination port,

or

-Y "ip.dst==192.168.91.5 && tcp.dstport==80" for all packets to 192.168.91.5 with 80 as the destination port.

answered 28 May '17, 19:46

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

0

"-e tcp.port eq 80" is probably the problem - I guess you wanted to add that to the -Y parameter? If not, it should only be "-e tcp.port" without the compare operator.

answered 28 May '17, 17:41

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

I need to filter TCP port 80 too. How can I add it in the code? Thanks

(28 May '17, 17:46) foxmodem

Yes, he wanted to add that to the -Y parameter; Jim Aragon's answer shows how to do that.

(28 May '17, 20:21) Guy Harris ♦♦