This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I am struggling to create a filter to capture VoIP traffic using Dumpcap. I can capture everything but I cannot apply a capture filter successfully. I need to basically capture the following.

Port 13060 TCP/UDP

Port 13061 TCP

Port 13090 TCP/UDP

Ports 54000-65000 UDP

This is the command I have so far.

dumpcap.exe -i 1 -f "SomeTextGoesHere" -a filesize:100000 -w "C:\Users\Administrator\Desktop\Dumpcap\Dumpcap.pcapng" -b files:100

Its the "SomeTextGoesHere" bit I'm struggling with! Is anybody able to help please?

Regards,

Jonathan.

asked 07 Apr '16, 02:02

jonathanbaird's gravatar image

jonathanbaird
6447
accept rate: 50%


You're looking for a capture (or tcpdump) filter. The reference page is here.

As that's a bit intense, to get you started you create a filter with expressions and combine them with and, or or not. To include both tcp and udp on port 13060 use "port 13060". To include tcp on port 13061 use "tcp port 13061". To combine these so that packets match the first or the second expression use "port 13060 or tcp port 13061" To specify a range of ports use portrange, e.g. "udp portrange 54000-65000".

permanent link

answered 07 Apr '16, 03:22

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thanks Graham I'll give it a go! :)

(07 Apr '16, 04:12) jonathanbaird
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×238
×139
×109
×89
×37

question asked: 07 Apr '16, 02:02

question was seen: 3,886 times

last updated: 07 Apr '16, 04:12

p​o​w​e​r​e​d by O​S​Q​A