Re: Ethereal for sniffing dynamic ports (1024-65535)

From: Marco P. Rodrigues (marco@rodrigues.ca)
Date: Tue Dec 30 2003 - 01:37:40 GMT-3


.: I've got an unusual problem here because of which
.: I'm supposed to sniff packets for a source and
.: destination layer 4 port both of which are dynamic, I
.: know the application which runs at the client site
.: uses that (6200 port number) as it is programmed to do
.: so and it is working, but still using Ethereal I'm only
.: able to get as far as having a fixed known port on
.: either destination or source traffic the other being
.: dynamic, can I somehow sniff packets which have both
.: source and destination ports dynamic and not fixed
.: like arp, vines etc....

Try just filtering for the port 6200 (src or dst) AND the IP of the
machine you're interested in.

Under capture options for the filter field (unless you have one
predefined) just put a regular tcpdump expression. So filter field
should look something like:

Filter: port 6200 and ip host X.X.X.X

You can create a specific filter file also for more complex matches.

HTH.

mpr.
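
Added example, not part of the original post: a Python model of what the capture filter `port 6200 and ip host X.X.X.X` matches, showing that `port` covers either direction, so the dynamic port on the other side needs no term of its own. The addresses, the sample packets and the names `build_packet`, `matches` and `demo` are constructed for illustration, and the model handles IPv4 TCP/UDP only.

```python
import socket
import struct

CLIENT = "192.0.2.10"    # constructed address standing in for X.X.X.X
SERVER = "198.51.100.5"  # constructed peer address
OTHER = "203.0.113.7"    # constructed unrelated host

def build_packet(src_ip, dst_ip, sport, dport, proto=6):
    """Constructed sample: IPv4 header plus 20 bytes that start with two ports."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + l4

def matches(packet, port, host):
    """Simplified model of 'port <port> and ip host <host>' for IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        return False
    # 'ip host' matches the address as source or destination.
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    if host not in (src, dst):
        return False
    # Ports exist only in TCP (6) / UDP (17), and only in the first fragment.
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] not in (6, 17) or frag_offset != 0:
        return False
    # 'port' without src/dst matches either side; the other port is unconstrained.
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return port in (sport, dport)

def demo():
    samples = [
        build_packet(CLIENT, SERVER, 40123, 6200),          # client to port 6200
        build_packet(SERVER, CLIENT, 6200, 40123),          # reply from port 6200
        build_packet(CLIENT, SERVER, 40124, 80),            # same host, other port
        build_packet(OTHER, SERVER, 51000, 6200, 17),       # port 6200, other host
        build_packet(CLIENT, SERVER, 6200, 40123, proto=1), # ICMP, no ports
    ]
    return [matches(p, 6200, CLIENT) for p in samples]

if __name__ == "__main__":
    print(demo())
```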


