A capture filter would be specified with -f, such as tshark -f 'tcp port 99' -w bvlc.pcap -F pcap which does work. It does not have a display filter option. 2 Answers Sort by oldest newest most voted 0 answered Jun 29 '0 Guy Harris 19785 3 577 207 updated Jun 29 '0 -Y bacnet is a display filter, not a capture filter. It is available in most Linux systems even very small or special. Compare different syntax of the port filtering between the display and the capture filters in line above.Īll other options like -a, -b, -w, -s can be applied too.
All packets are captured, but only the 8.8.8.8 IP address packets having UDP port 53 (i.e. 
Only the DNS packets are captured, and only the 8.8.8.8 IP address packets from captured are displayed. All packets are captured, but only the 8.8.8.8 IP address packets are displayed. 
display filter, -Y tshark option: It selects which packets will be displayed from all captured ones.Įxamples: tshark -i eth0 -n -Y "ip.addr=8.8.8.8". capture filter, -f tshark option: It selects which packets will be captured and which not. The thsark filters have the same syntax as Wireshark. First command releases the IP address and your connection will be interrupted without a possibility to put second command and get address back remotely. Warning: Do not apply these commands if you are connected remotely. Try to force a DHCP activity by commands in second teminal window of the same device: sudo dhclient -r Maybe no DHCP packets arrived and therefore not captured.
0 kommentar(er)
