Bene Tam wrote: <what should i do to capture SNMP packet only in myNIC?? <
<I would like to specify protocol instead of udp or port no. Ethereal uses libpcap/Winpcap for capturing and the capture filter syntax is described in the documentation for the corresponding tcpdump/WinDump man-page. http://windump.polito.it/docs/manual.htm http://www.tcpdump.org/tcpdump_man.html You can use capture filters like "udp port 161 or 162" if the default SNMP/SNMP-TRAP ports are used. A filter "udp port \snmp or \snmp-trap" will probably also work and be equivalent to "udp port 161 or 162" "snmp" is a valid diplay filter - but not a valid capture filter. Ethereal may however not decode SNMP packets sent to/from other ports than the default ports (161/162) as SNMP packets - and then that filter will not work. You'll have to use the "Decode As.." functionality if other ports are used.
