[Wireshark-users] Capture filter for ARP, DNS and PING

2008-01-06 Thread nilay yildirim 
Hi,

How can I set up a capture filter just to capture ARP, DNS and PING? I did
it with Display filters but the same method didn't work for the Capture
filter. I'm new to Wireshark and still struggling with some easy stuff.

Nilay
___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users

Re: [Wireshark-users] Capture filter for ARP, DNS and PING

2008-01-06 Thread nilay yildirim 
Thanks. So how about if I wanted to only capture all packets to and from
10.10.10.10 ( host ip adress) but just arp, dns and ping? What does this
changes? Or I need to create another filter???

arp or port domain or icmp[icmptype] = icmp-echo or icmp[icmptype] =
icmp-echoreply


On Jan 6, 2008 5:28 PM, Guy Harris [EMAIL PROTECTED] wrote:

 nilay yildirim wrote:

  How can I set up a capture filter just to capture ARP, DNS and PING?

 DNS generally means traffic to or from the Domain Name System port,
 and PING generally means ICMP Echo and Echo Reply packets, so:

arp or port domain or icmp[icmptype] = icmp-echo or icmp[icmptype]
 =
 icmp-echoreply
 ___
 Wireshark-users mailing list
 Wireshark-users@wireshark.org
 http://www.wireshark.org/mailman/listinfo/wireshark-users

___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users