"irc.request " filter for libpcap

StackOverflow https://stackoverflow.com/questions/23106922

  •  04-07-2023
  •  | 
  •  

Pergunta

i have to filter out the "IRC request" packet form the list of capture packet

in wireshark the filter expression is "irc.request",but i am not able to write the same filter expression for lipcap

so please provide me the filter expression for libpcap

Thank you

Foi útil?

Solução

The libpcap filter syntax is documented at: http://www.tcpdump.org/manpages/pcap-filter.7.html

Unfortunately, it does not directly recognize the IRC protocol. However, Wireshark determines whether an IRC message is a request or response by looking at the tcp port (is the message to or from port 6667) and we can do that with libpcap.

So you probably want "tcp dst port 6667" for your filter.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top