[Winpcap-users] strange filtering issue
Black, Mike (IS)
Michael.Black2 at ngc.com
Thu May 1 22:09:02 UTC 2014
Are you sure you're looking at the correct output file?
What you're describing works for me:
I did this:
windump -s 0 -C100 -w test -W 40 -i 2 host !192.168.1.1
And did a ping and a web port request to it while running...
Then I do this...note that the filename is test00
windump -r test00 host 192.168.1.1
reading from file test00, link-type EN10MB (Ethernet)
And no packets are shown.
Michael D. Black
Senior Scientist
Analytics, Production and Services
Advanced GEOINT Systems
Northrop Grumman Information Systems
________________________________
From: winpcap-users-bounces at winpcap.org [winpcap-users-bounces at winpcap.org] on behalf of Jerry Riedel [riedel at codylabs.com]
Sent: Thursday, May 01, 2014 3:44 PM
To: winpcap-users at winpcap.org
Subject: EXT :[Winpcap-users] strange filtering issue
Hello,
I am trying to use filters in conjunction with saving the filtered packets to a file, using windump, but when I do, the filters seem to get ignored. Here is an example of what I am trying:
c:\windump -i 1 -s 0 -C 100 -w test -W 40 !host 192.168.10.2
When I use this, there are still packets to/from that host in the capture file. On the other hand, if I use:
windump -i 1 !host 192.168.10.2
…on the command line, I can see the packets to/from that host filtered out. To be clear, if I remove the ! from the command line, I see traffic to/from that host, if I add the ! back in, I don’t, and there is a constant stream of traffic to/from this host.
The documentation I have been able to find seems to indicate that this is legal and I don’t get any syntax errors. What am I missing?
Thanks,
Jerry
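
The read-back check from the reply (`windump -r test00 host ...`), applied to every file that a `-C`/`-W` capture ring produces, as an added example that is not part of the original thread. It parses classic pcap files with Ethernet link type directly; the function names, the `test00`/`test01` contents and the sample frames are constructed for illustration.

```python
import socket
import struct

def packets_with_host(pcap_bytes, host):
    """Count IPv4 packets to or from `host` in a classic pcap (EN10MB) file."""
    magic = pcap_bytes[:4]
    if len(pcap_bytes) < 24 or magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">"
    # Global header is 24 bytes; the link type is its last 32-bit field.
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (EN10MB) captures are handled")
    target = socket.inet_aton(host)
    offset, hits = 24, 0
    while offset + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_usec, captured length, original length.
        _, _, caplen, _ = struct.unpack(endian + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        # Untagged Ethernet + IPv4: source address at byte 26, destination at 30.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            if target in (frame[26:30], frame[30:34]):
                hits += 1
    return hits

def check_ring(files, host):
    """Map each capture file name to the number of packets involving `host`."""
    return {name: packets_with_host(data, host) for name, data in files.items()}

def build_pcap(pairs):
    """Build a constructed little-endian pcap with one bare IPv4 frame per pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in pairs:
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = eth + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample ring: test00 is clean, test01 holds two packets for the host.
SAMPLE_RING = {
    "test00": build_pcap([("192.168.10.7", "192.168.10.9")]),
    "test01": build_pcap([("192.168.10.2", "192.168.10.9"),
                          ("192.168.10.9", "192.168.10.2"),
                          ("192.168.10.7", "192.168.10.9")]),
}

if __name__ == "__main__":
    print(check_ring(SAMPLE_RING, "192.168.10.2"))
```

For real captures, pass the bytes of each ring file read in binary mode. VLAN-tagged frames and pcapng files are not handled by this sketch.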