[Winpcap-users] Filtering on offline PCAP file
Guy Harris
guy at alum.mit.edu
Fri Aug 5 07:05:47 GMT 2005
cycl0ne dude wrote:
> it's like: noob.exe -r input-big.cap -w smtp-only.cap <filter>
>
> where <filter> is a bpf to filter out all SMTP packets from offline
> pcap file "input-big.cap", and save all the filtered or output packets to
> "smtp-only.cap" file.
A BPF filter can't recognize SMTP; it can, however, recognize traffic to
and from port 25, so try the filter "tcp port 25".
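
As an added illustration (not part of the original message, and not WinPcap code), the sketch below does in plain Python what the thread describes: read an offline capture, keep the packets to or from TCP port 25, and produce a new capture. It hand-codes the port match instead of compiling a BPF expression, and it assumes a classic pcap file holding Ethernet/IPv4 frames; the function names and the three-packet sample capture are constructed for the example.

```python
import struct

def matches_tcp_port(frame, port=25):
    """Hand-written stand-in for BPF "tcp port 25" on Ethernet/IPv4 frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return False
    if frame[23] != 6:                                    # IP protocol 6 = TCP
        return False
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:     # later fragment: no TCP header
        return False
    tcp = 14 + (frame[14] & 0x0F) * 4                     # skip IP header (IHL in 32-bit words)
    if len(frame) < tcp + 4:
        return False
    return port in struct.unpack("!HH", frame[tcp:tcp + 4])  # source or destination port

def filter_pcap(data, port=25):
    """Return (new pcap bytes, kept count) holding only packets on the TCP port."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    out, kept, off = [data[:24]], 0, 24                   # keep the global header
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        end = off + 16 + caplen
        if end > len(data):                               # truncated final record
            break
        if matches_tcp_port(data[off + 16:end], port):
            out.append(data[off:end])                     # record header + bytes, unchanged
            kept += 1
        off = end
    return b"".join(out), kept

def sample_capture():
    """Constructed three-packet capture: TCP to port 25, TCP to 80, UDP to 25."""
    def frame(proto, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(16)
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(6, 40000, 25), frame(6, 40001, 80), frame(17, 40002, 25)):
        pcap += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return pcap

if __name__ == "__main__":
    filtered, kept = filter_pcap(sample_capture())
    print(kept, "of 3 packets kept,", len(filtered), "bytes written")
```

With libpcap/WinPcap itself the same flow is pcap_open_offline, pcap_compile and pcap_setfilter with "tcp port 25", then pcap_dump_open and pcap_dump for each packet that passes.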