"irc.request " filter for libpcap

https://stackoverflow.com/questions/23106922

c
wireshark
libpcap

04-07-2023
|

Question

i have to filter out the "IRC request" packet form the list of capture packet

in wireshark the filter expression is "irc.request",but i am not able to write the same filter expression for lipcap

so please provide me the filter expression for libpcap

Thank you

Solution

The libpcap filter syntax is documented at: http://www.tcpdump.org/manpages/pcap-filter.7.html

Unfortunately, it does not directly recognize the IRC protocol. However, Wireshark determines whether an IRC message is a request or response by looking at the tcp port (is the message to or from port 6667) and we can do that with libpcap.

So you probably want "tcp dst port 6667" for your filter.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow