This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What would be the correct way of…?

0

Making a capture filter (I think) that hides packets from 10.1.1.2, only UDP and less than 75 length. I'm really knew so please help. Edit: new* hahahah

asked 02 Sep '14, 20:26

akiyopringle
accept rate: 0%

edited 02 Sep '14, 20:26

2

I.e.:

  • you don't want to see packets from 10.1.1.2;
  • you only want to see UDP packets (i.e., you don't want to see non-UDP packets);
  • you only want to see packets less than 75 bytes long?

If so, by "length" do you mean the length of the full link-layer packet, including the link-level header (Ethernet header, 802.11 header, etc.), or do you mean the length of the IP packet (not including the length of the link-level header but including the length of the IP header), or the length of the UDP packet (not including the length of the link-level and IP headers but including the length of the UDP header), or the length of the UDP payload (not including the length of the link-level, IP, and UDP headers)?

(04 Sep '14, 02:33) Guy Harris ♦♦

I don't know man. I can't understand half of what you're saying :(

(07 Sep '14, 01:01) akiyopringle

One Answer:

0

So I'll ignore the length part, as I can't answer that without knowing exactly what you mean by "less than 75 length".

If by "capture filter" you mean you want to capture live traffic and discard all the traffic in which you're not interested, the filter would be

not host 10.1.1.2 and udp

If you have already captured some traffic, and want to display only the packets that aren't from 10.1.1.2 and that are UDP packets, that would be a display filter, and the display filter would be

!(ip.addr == 10.1.1.2) and udp

answered 07 Sep '14, 01:27

Guy Harris ♦♦
accept rate: 19%
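
The four meanings of "length" listed in the comment above, computed for one constructed frame, as an added example that is not part of the original thread. It assumes Ethernet II framing and unfragmented IPv4 with no VLAN tag; the function names and sample addresses are hypothetical, and the pcap-filter expressions appear only as comments for comparison.

```python
import socket
import struct

ETH_LEN = 14  # assumption: Ethernet II link layer, no VLAN tag

def build_frame(src_ip, dst_ip, payload):
    """Construct a sample Ethernet/IPv4/UDP frame (checksums left at 0)."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    return eth + ip + udp

def lengths(frame):
    """Return source address and the four candidate lengths, or None if not IPv4/UDP."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[ETH_LEN] & 0x0F) * 4          # IP header length in bytes
    udp_off = ETH_LEN + ihl
    if frame[ETH_LEN + 9] != 17 or len(frame) < udp_off + 8:
        return None                            # protocol 17 = UDP
    ip_total = struct.unpack("!H", frame[ETH_LEN + 2:ETH_LEN + 4])[0]
    udp_len = struct.unpack("!H", frame[udp_off + 4:udp_off + 6])[0]
    return {
        "src": socket.inet_ntoa(frame[ETH_LEN + 12:ETH_LEN + 16]),
        "frame": len(frame),      # pcap-filter: len < 75
        "ip": ip_total,           # pcap-filter: ip[2:2] < 75
        "udp": udp_len,           # pcap-filter: udp[4:2] < 75
        "payload": udp_len - 8,   # pcap-filter: udp[4:2] - 8 < 75
    }

def keep(frame, which, limit=75, hidden_src="10.1.1.2"):
    """True if the frame is UDP, not from hidden_src, and the chosen length < limit."""
    info = lengths(frame)
    return info is not None and info["src"] != hidden_src and info[which] < limit

if __name__ == "__main__":
    # Constructed sample: 40-byte UDP payload from a host other than 10.1.1.2
    sample = build_frame("10.1.1.7", "10.1.1.9", b"A" * 40)
    print(lengths(sample))
    for kind in ("frame", "ip", "udp", "payload"):
        print(kind, keep(sample, kind))
```

The same packet is dropped when "length" means the full frame and kept under the other three readings, which is why the comment asks which one is meant.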