[Winpcap-users] strange filtering issue
Jerry Riedel
riedel at codylabs.com
Thu May 1 20:44:05 UTC 2014
Hello,
I am trying to use filters in conjunction with saving the filtered packets to a file, using windump, but when I do, the filters seem to get ignored. Here is an example of what I am trying:
c:\windump -i 1 -s 0 -C 100 -w test -W 40 !host 192.168.10.2
When I use this, there are still packets to/from that host in the capture file. On the other hand, if I use:
windump -i 1 !host 192.168.10.2
...on the command line, I can see the packets to/from that host filtered out. To be clear, if I remove the ! from the command line, I see traffic to/from that host, if I add the ! back in, I don't, and there is a constant stream of traffic to/from this host.
The documentation I have been able to find seems to indicate that this is legal and I don't get any syntax errors. What am I missing?
Thanks,
Jerry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20140501/c009e13c/attachment.html>
More information about the Winpcap-users
mailing list