I am struggling to create a filter to capture VoIP traffic using Dumpcap. I can capture everything but I cannot apply a capture filter successfully. I need to basically capture the following.
Port 13060 TCP/UDP
Port 13061 TCP
Port 13090 TCP/UDP
Ports 54000-65000 UDP
This is the command I have so far.
dumpcap.exe -i 1 -f "SomeTextGoesHere" -a filesize:100000 -w "C:\Users\Administrator\Desktop\Dumpcap\Dumpcap.pcapng" -b files:100
Its the "SomeTextGoesHere" bit I'm struggling with! Is anybody able to help please?
asked 07 Apr '16, 02:02
You're looking for a capture (or tcpdump) filter. The reference page is here.
As that's a bit intense, to get you started you create a filter with expressions and combine them with and, or or not. To include both tcp and udp on port 13060 use
answered 07 Apr '16, 03:22