Thanks. So how about if I wanted to only capture all packets to and from 10.10.10.10 ( host ip adress) but just arp, dns and ping? What does this changes? Or I need to create another filter???
arp or port domain or icmp[icmptype] = icmp-echo or icmp[icmptype] = icmp-echoreply On Jan 6, 2008 5:28 PM, Guy Harris <[EMAIL PROTECTED]> wrote: > nilay yildirim wrote: > > > How can I set up a capture filter just to capture ARP, DNS and PING? > > "DNS" generally means "traffic to or from the Domain Name System port", > and "PING" generally means "ICMP Echo and Echo Reply packets", so: > > arp or port domain or icmp[icmptype] = icmp-echo or icmp[icmptype] > = > icmp-echoreply > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-users >
_______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
