Thank you for the response. When I specify any range of ports with this type of expression

windump "tcp[0:2]>=79 and tcp[0:2]<=81"

I do not receive any windump messages on the screen. However, windump "tcp[0:2]>=79" works and windump "tcp[0:2]<=81" works too if you use winpcap 3.1. You can check it using your IE that works on port 80.

Alex Narinsky

-----Original Message-----
From: Guy Harris [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 21, 2004 2:59 PM
To: [EMAIL PROTECTED]
Subject: [SPAM] Re: [WinPcap-users] Can I specify a range of ports for windump

On Apr 21, 2004, at 11:35 AM, Alex Narinsky wrote:

> I am trying to specify a range of ports for windump. On LINUX it is
> possible with the following expression:
>
> tcpdump "tcp[0:2] >= 8192 and tcp[0:2] <= 8294"
>
> (from http://www.firetower.com/forum/tcpdump.html)
>
> However, windump does not allow any packet with this kind of
> expression.
> Only a simple condition works, such as tcpdump "tcp[0:2] >= 8192".

What happens when you try

    tcp[0:2] >= 8192 and tcp[0:2] <= 8294

with WinDump? (You should quote the expression, just as you do on UN*X.)

If that doesn't work, it's a bug - that's common libpcap/WinPcap code, and it should work on *all* platforms with libpcap/WinPcap.

==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL PROTECTED]/

To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================
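How the byte-offset expressions discussed in this thread select packets, as an added example that is not part of the original messages: `tcp[0:2]` reads the TCP source port (header bytes 0-1) and `tcp[2:2]` the destination port (bytes 2-3). The helper names, the ephemeral port numbers and the packets are constructed for illustration.

```python
import struct

def tcp_header(sport, dport):
    """Build a minimal 20-byte TCP header (constructed sample, no options)."""
    # sport, dport, seq, ack, data offset, flags (ACK), window, checksum, urgent
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 8192, 0, 0)

def tcp_field(hdr, offset, size):
    """Model of the pcap accessor tcp[offset:size]: big-endian unsigned value."""
    return int.from_bytes(hdr[offset:offset + size], "big")

def src_port_in_range(hdr, lo, hi):
    """Model of: tcp[0:2] >= lo and tcp[0:2] <= hi (source port only)."""
    return tcp_field(hdr, 0, 2) >= lo and tcp_field(hdr, 0, 2) <= hi

def either_port_in_range(hdr, lo, hi):
    """Same range test applied to source port or destination port."""
    dst_ok = tcp_field(hdr, 2, 2) >= lo and tcp_field(hdr, 2, 2) <= hi
    return src_port_in_range(hdr, lo, hi) or dst_ok

def build_filter(lo, hi):
    """Filter string covering both directions of a port range."""
    return (f"(tcp[0:2] >= {lo} and tcp[0:2] <= {hi}) or "
            f"(tcp[2:2] >= {lo} and tcp[2:2] <= {hi})")

# Constructed traffic: a browser talking to a web server on port 80,
# plus an unrelated connection to port 443.
PACKETS = {
    "client->server": tcp_header(49152, 80),
    "server->client": tcp_header(80, 49152),
    "unrelated":      tcp_header(49153, 443),
}

def classify(lo, hi):
    """Return {name: (source-only match, either-port match)} for PACKETS."""
    return {name: (src_port_in_range(h, lo, hi), either_port_in_range(h, lo, hi))
            for name, h in PACKETS.items()}

if __name__ == "__main__":
    for name, (src_only, either) in classify(79, 81).items():
        print(f"{name:15} tcp[0:2] range: {src_only!s:5}  both fields: {either}")
    print(build_filter(79, 81))
```

With the source-port-only range, only packets sent from the server side of the port-80 connection match; the combined filter string captures both directions.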
