I am trying look for all the ports used by Fifa 12. I am using https://help.ea.com/article/fifa-12-online-ports for the information. Is this the best way look for the information for a PC communications as follows? (udp.port==9565)||(udp.port==9570)||(udp.port==6000)||(tcp.port==9946)||(tcp.port==9988)||(tcp.port==42124)||(tcp.port>=10000)||(tcp.port<=20000) asked 07 May '12, 17:56  Perceptus |
2 Answers:
If one uses tcp.port, then both source and destination port will match, which makes it impossible to define a valid range, as the source port will be random and might match as well (and possibly more often than the intended destination port) This rather long filter will match better (tested on the sample below):
BEWARE: You need both tcp.dstport and tcp.srcport, to get packets of both directions. This filter will also match for source ports in that range. However, you can't prevent that without further scripting. EDIT: Test file: http://cloudshark.org/captures/bd90209e690f The display filter can be tested within cloudshark ;-) If you apply the filter, you won't see packets with port 30000, which appear first in frame 87. With the filter 'tcp.flags eq 0x02' you will see the ports used in that capture file. EDIT2: As Jasper already mentioned above, this filter will do as well :-))
as it's equivalent to my much longer filter! Sorry for any confusion ;-) Regards answered 08 May '12, 01:56  Kurt Knochner ♦ edited 08 May '12, 03:28 |
That last bit "(tcp.port>=10000)||(tcp.port<=20000)" just opens up the filter to all TCP ports. answered 08 May '12, 01:07  Jaap ♦ probably the "or" should be an "and", but then the range needs to be put in additional brackets. (08 May '12, 01:15) Jasper ♦♦ |
That is excellent information. Can I use that also for a capture filter?
Yes, but the syntax is different.
portrange works at least with 1.7.1. (just tested). If it does not work with an earlier versions (not checked), please upgrade.