This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

"irc.request" filter for libpcap

0

I have to filter out the "IRC request" packets from the list of captured packets.

In Wireshark the filter expression is "irc.request", but I am not able to write the same filter expression for libpcap.

So please provide me the filter expression for libpcap.

Thank you

asked 16 Apr '14, 09:18

deepak19911
11113
accept rate: 0%

edited 16 Apr '14, 21:03


One Answer:

0

Based on the IRC dissector code (packet-irc.c), a request is determined only by the direction of communication, meaning everything that is sent to the IRC server is a REQUEST and everything that is received from the IRC server is a RESPONSE.

So, a valid capture filter that mimics the behavior of irc.request would be

tcpdump -ni eth0 'dst port 6667'

assuming port 6667 is the standard IRC port.

You could also use the IP address of an IRC server

tcpdump -ni eth0 'dst host x.x.x.x' (please replace x.x.x.x with an IP address)

Regards
Kurt

answered 19 Apr '14, 16:19

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 19 Apr '14, 16:27
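
An added example (not part of the original answer and not Wireshark or libpcap code): a Python sketch of the direction test the answer describes, run over constructed Ethernet/IPv4 frames. It models `tcp dst port 6667`, which is narrower than a bare `dst port 6667` (that form also matches UDP); the names `build_frame` and `classify` and the sample addresses are assumptions made for the illustration.

```python
import struct

IRC_PORT = 6667  # port assumed in the answer above

def build_frame(src_port, dst_port, payload=b"", proto=6, ip_options=b""):
    """Constructed Ethernet/IPv4 frame carrying TCP (6) or UDP (17); checksums left zero."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    ihl = 5 + len(ip_options) // 4       # options must be a multiple of 4 bytes
    total = ihl * 4 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + ip_options
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + l4 + payload

def classify(frame, irc_port=IRC_PORT):
    """Return 'request', 'response' or None for one Ethernet frame."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        return None                      # too short, or not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length; options shift the TCP header
    if ihl < 20 or frame[23] != 6:
        return None                      # malformed header, or not TCP
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return None                      # non-first fragment carries no TCP header
    tcp = 14 + ihl
    if len(frame) < tcp + 4:
        return None                      # truncated before the port fields
    src_port, dst_port = struct.unpack("!HH", frame[tcp:tcp + 4])
    if dst_port == irc_port:
        return "request"                 # sent to the server: what 'dst port 6667' keeps
    if src_port == irc_port:
        return "response"                # sent by the server: what 'src port 6667' keeps
    return None

if __name__ == "__main__":
    for f in (build_frame(50000, 6667, b"NICK demo\r\n"),
              build_frame(6667, 50000, b":srv 001 demo\r\n"),
              build_frame(50000, 80, b"GET / HTTP/1.1\r\n")):
        print(classify(f))
```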