This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do you capture port

0

I want to capture activities between 192.168.1.10 port 9600 (2008 server) and 192.168.1.35 port 9030 (Canon copier print server).

In Wireshark 1.10.2, under the capture options, then capture filter, what should I type in there?

Thanks,

Paul

asked 14 Oct '13, 11:28

CSA
accept rate: 0%


One Answer:

1

If you want to exactly filter on that 4-tuple, the filter would be:

((src host 192.168.1.10 and src port 9600 and dst host 192.168.1.35 and dst port 9030) or (dst host 192.168.1.10 and dst port 9600 and src host 192.168.1.35 and src port 9030))

However, the following filter would generally fit your need as well:

host 192.168.1.10 and host 192.168.1.35 and port 9600 and port 9030

As the source port might change between sessions, you might want to drop the "port 9600" part.

Then beware of VLAN tagging: if you are capturing on a link where VLAN tagging is being used, make the filter:

vlan and host 192.168.1.10 and host 192.168.1.35 and port 9600 and port 9030

answered 14 Oct '13, 11:57

SYN-bit ♦♦
accept rate: 20%
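
The difference between the filters in the answer above, as an added example that is not part of the original answer or of Wireshark: a simplified Python model of how `host`, `port` and `vlan` match, run over constructed frames. The frame names, the helper functions and the rule that a filter without `vlan` only sees untagged frames are assumptions of this model, not libpcap code.

```python
from collections import namedtuple

# Constructed sample frames: VLAN-tagged flag plus the TCP/IP 4-tuple.
Frame = namedtuple("Frame", "tagged src sport dst dport")
SERVER, COPIER = "192.168.1.10", "192.168.1.35"

def exact_4tuple(f):
    """First filter: both directions of one specific 4-tuple."""
    t = (f.src, f.sport, f.dst, f.dport)
    return t in {(SERVER, 9600, COPIER, 9030), (COPIER, 9030, SERVER, 9600)}

def loose(f):
    """Second filter: each 'host'/'port' term matches source OR destination."""
    return {SERVER, COPIER} <= {f.src, f.dst} and {9600, 9030} <= {f.sport, f.dport}

def without_port_9600(f):
    """Second filter with the 'port 9600' term dropped, as the answer suggests."""
    return {SERVER, COPIER} <= {f.src, f.dst} and 9030 in (f.sport, f.dport)

def on_wire(filter_fn, f, vlan_keyword=False):
    """Model assumption: 'vlan and ...' matches only tagged frames,
    and a filter without 'vlan' matches only untagged frames."""
    return f.tagged == vlan_keyword and filter_fn(f)

FRAMES = {
    "request":        Frame(False, SERVER, 9600, COPIER, 9030),
    "reply":          Frame(False, COPIER, 9030, SERVER, 9600),
    "ports_swapped":  Frame(False, SERVER, 9030, COPIER, 9600),
    "new_src_port":   Frame(False, SERVER, 49152, COPIER, 9030),
    "tagged_request": Frame(True, SERVER, 9600, COPIER, 9030),
}

def matches(filter_fn, vlan_keyword=False):
    """Names of the constructed frames the modelled filter would capture."""
    return sorted(n for n, f in FRAMES.items()
                  if on_wire(filter_fn, f, vlan_keyword))

if __name__ == "__main__":
    for label, fn in [("exact 4-tuple", exact_4tuple), ("loose", loose),
                      ("without port 9600", without_port_9600)]:
        print(f"{label:18} plain: {matches(fn)}")
        print(f"{label:18} vlan:  {matches(fn, vlan_keyword=True)}")
```

In this model the looser filter also captures the frame with the two ports swapped, and only the variant without `port 9600` still captures a session that starts from a different source port.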