Hi! I've two questions:
1.) I urgently need help/advice on how the following filter string has to be set as a WinPcap filter string: I can't find any working string for the protocols. "eth src 00:0e:0C:76:86:5e" is working. Thanks for any reply and help.

My filter in Wireshark:

((eth.src == 00:0e:0c:76:86:5e)&&!(frame.protocols=="eth:llc"))&&!(frame.protocols="eth:ans")

2.) Could someone tell me how to reassemble Netbios Datagrams protocol:DCERPC? How do Wireshark and co. know the amount of frames, total size....

Once more, thanks for any help and reply!!!!!!

P.S.: if someone needs WinPcap in REALbasic.... I've been working on it for 2 years ;-)

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.