LinuxQuestions.org
07-03-2010, 06:15 AM   #1
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Rep: Reputation: 33
Wireshark syntax


Hello,

I'm trying to capture packets with Wireshark on 2 port ranges.

This syntax is not working:
Quote:
bash-3.2# /usr/sbin/tcpdump -ttttvv udp portrange 8500-8600 and portrange 5060-5070
There is no output...

What is the correct syntax for defining multiple port ranges?
 
07-03-2010, 08:01 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
Well, that's tcpdump, not Wireshark. They are not in the slightest the same program. tshark is the text-based version of Wireshark.

So you're saying portrange twice, so one end needs to be in one range, the other end in the other... On a normal connection that's unlikely, as the source port would be higher up in the ephemeral ports. Do you want an or instead?
 
07-03-2010, 01:48 PM   #3
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Sorry for the confusion about Wireshark vs tcpdump. My question is poorly formulated.

I have a text-based server, no GUI, where I want to capture packets. I use tcpdump for this.

These captured packets I want to analyze on my Fedora 12 system with Gnome-GUI with Wireshark.

I find examples that explain how to capture traffic on a portrange. I do not find examples on how to capture 2 port ranges.

So I want to capture all packets on portrange 8500:8600 AND also all packets on portrange 5060:5070. All the other ports are of no interest to me.

What is the correct syntax?
 
07-03-2010, 03:13 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
You want an or. I want packets in this range OR I want packets in this other range - not both at the same time.
 
07-03-2010, 05:52 PM   #5
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by acid_kewpie
You want an or. I want packets in this range OR I want packets in this other range - not both at the same time.
Yes indeed, I must be very distracted...

Thank you.
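
The and/or difference discussed in this thread, as an added example that is not part of any poster's message: a small Python model of how an unqualified `portrange` primitive matches (source OR destination port in range), run over constructed sample packets. The `Packet` type, the function names and the sample traffic are assumptions made for illustration; this is not libpcap code.

```python
"""Model of pcap-filter 'portrange' matching (illustrative, not libpcap code)."""
from collections import namedtuple

Packet = namedtuple("Packet", "proto sport dport")

def portrange(lo, hi):
    # Unqualified 'portrange lo-hi' is true when EITHER the source port
    # or the destination port lies inside the range.
    return lambda p: lo <= p.sport <= hi or lo <= p.dport <= hi

def udp(p):
    return p.proto == "udp"

RANGE_A = portrange(8500, 8600)
RANGE_B = portrange(5060, 5070)

def filter_and(p):
    # Models: udp portrange 8500-8600 and portrange 5060-5070   (post #1)
    # Every packet must touch BOTH ranges at once.
    return udp(p) and RANGE_A(p) and RANGE_B(p)

def filter_or(p):
    # Models: udp and (portrange 8500-8600 or portrange 5060-5070)
    # The parentheses keep the 'udp' restriction on both ranges.
    return udp(p) and (RANGE_A(p) or RANGE_B(p))

# Constructed sample traffic (not taken from the thread).
SAMPLE = [
    Packet("udp", 5060, 5060),    # both ends in 5060-5070 only
    Packet("udp", 40312, 5061),   # ephemeral source port, destination 5061
    Packet("udp", 8500, 8502),    # both ends in 8500-8600 only
    Packet("udp", 8550, 51000),   # source in 8500-8600, ephemeral destination
    Packet("udp", 8501, 5060),    # one end in each range: the only 'and' match
    Packet("tcp", 33000, 5060),   # right port, wrong protocol
    Packet("udp", 53, 40000),     # unrelated traffic
]

def captured(flt, packets=SAMPLE):
    """Return the packets a given filter model would let through."""
    return [p for p in packets if flt(p)]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "and:", filter_and(p), "or:", filter_or(p))
```

On the capture host the `or` form goes to tcpdump as a single quoted argument, `'udp and (portrange 8500-8600 or portrange 5060-5070)'`, since the shell would otherwise interpret the parentheses; adding `-w` with a file name saves the packets for opening in Wireshark.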
 
  


All times are GMT -5. The time now is 02:28 AM.
