[Winpcap-users] strange filtering issue
Guy Harris
guy at alum.mit.edu
Thu May 1 21:42:12 UTC 2014
On May 1, 2014, at 1:44 PM, Jerry Riedel <riedel at codylabs.com> wrote:
> I am trying to use filters in conjunction with saving the filtered packets to a file, using windump, but when I do, the filters seem to get ignored. Here is an example of what I am trying:
>
> c:\windump -i 1 -s 0 -C 100 -w test -W 40 !host 192.168.10.2
>
> When I use this, there are still packets to/from that host in the capture file.
Just out of curiosity, do any of those packets (the ones to/from 192.168.10.2) have VLAN headers?
And what happens if you do
c:\windump -i 1 -s 0 -C 100 -w test -W 40 not host 192.168.10.2
(just in case the command-line interpreter you're using is, in some cases but not others, doing something with the "!" character)?
And what happens if you do
c:\windump -i 1 -s 0 -w test !host 192.168.10.2
and just interrupt the capture with control-C (just in case either the -C or -W flags are somehow affecting this)?
More information about the Winpcap-users
mailing list