FAQ for Packet Decode
If you need some general tips to get started, see this post:
I tried the tcpdump/windump filters but they don’t seem to work.
Many of the filters include an ampersand character ( & ). The command shell interprets an unquoted ampersand itself instead of passing it to tcpdump or windump, so the filter never reaches the program intact. The fix is simply to enclose the filter in quotes. Use double quotes on Windows and single quotes on everything else. For example:
tcpdump -nn -v 'ip[0]&15=5'
windump -nn -v "ip[0]&15=5"
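The following is an added example, not part of the original FAQ: it shows what a POSIX shell actually hands to the program for the unquoted and quoted forms of the filter above. It goes slightly beyond the ampersand case by also showing that the square brackets are glob characters. The tcpdump function here is a constructed stand-in that only records its arguments, and last_arg and the ip0 file are hypothetical names used for the demonstration.

```shell
# Constructed stand-in for tcpdump: records the arguments it receives, one per
# line, instead of capturing packets. No real tcpdump or root access is needed.
STUB='tcpdump() { printf "%s\n" "$@" > "$ARGLOG"; }'

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Run one command line exactly as typed and print the last argument the
# stand-in was given. An optional second argument "with_ip0_file" first
# creates a file named ip0 in the working directory.
last_arg() {
    rm -f "$workdir/ip0"
    if [ "${2:-}" = with_ip0_file ]; then : > "$workdir/ip0"; fi
    (
        cd "$workdir" || exit 1
        ARGLOG="$workdir/args.log"; export ARGLOG
        : > "$ARGLOG"
        # "wait" lets a command that the shell pushed into the background
        # finish writing before the log is read.
        sh -c "$STUB; $1; wait" 2>/dev/null
        tail -n 1 "$ARGLOG"
    )
}

# Unquoted: the shell splits at "&", backgrounds tcpdump with a truncated
# filter, then tries to run "15=5" as a separate command.
printf 'unquoted:            %s\n' "$(last_arg "tcpdump -nn -v ip[0]&15=5")"

# Unquoted with a file named ip0 present: "ip[0]" is also a glob pattern,
# so the shell replaces it with the matching file name.
printf 'unquoted, ip0 file:  %s\n' \
    "$(last_arg "tcpdump -nn -v ip[0]&15=5" with_ip0_file)"

# Single-quoted: the whole filter arrives as one untouched argument.
printf 'quoted:              %s\n' "$(last_arg "tcpdump -nn -v 'ip[0]&15=5'")"
printf 'quoted, ip0 file:    %s\n' \
    "$(last_arg "tcpdump -nn -v 'ip[0]&15=5'" with_ip0_file)"
```

In the unquoted cases tcpdump would still start, but with a filter that is not the one typed, which is why the capture looks like the filter "doesn't work" rather than producing an obvious error.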
