Hi James.
Can you please try to dump the packets to disk with windump (no filter), then try to offline filter those packets offline with windump? If it fails, please send me then unfiltered trace file, and I'llk try to reproduce the problem.
Steps: 1. Capture to file "windump -i<some adapter> -w somefile.cap" 2. Offline filter the file "windump -r somefile.cap port 25"
Have a nice day GV
----- Original Message ----- From: "James Garrison" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 06, 2005 12:41 AM
Subject: [WinPcap-users] Capture Filter on port - strange behavior
Originally posted on ethereal-users, referred to winpcap-users from there.
Running on Windows XP SP2 with Ethereal versions 0.10.10 and WinPCap 3.0.
If I provide the following capture filter:
port 25
in order to capture an SMTP transaction, I see only packets with destination port 25 -- I.e. I see the the client's outgoing packets only.
However, if I capture with NO filter specified, I see all packets, so I know WinPCap is capturing all the traffic.
I also tried
src port 25 || dst port 25
but the results were the same. This used to work just fine. Has something changed or am I missing something?
I also tried Ethereal 0.10.9 and WinPCap 3.1beta4 with the same results.
-- James Garrison Athens Group, Inc. mailto:[EMAIL PROTECTED] 5608 Parkcrest Dr http://www.athensgroup.com Austin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150
================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================
================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================
