Meraki

Community

Packet captures on port ranges

Solved
DBCK
Here to help
‎May 12 2021 3:29 AM
‎May 12 2021 3:29 AM

Packet captures on port ranges

Hi all,

 

i'm sure there was a filter expression with the Meraki packet captures to capture a range of ports, can anybody confirm the expression required to capture a range, for example lets say i want to capture only Microsoft teams audio i would want to filter on this port range,

 

50,000-50,019

 

expression, "port range 50000 to 50019" is what i would logically assume but is not correct, can anyone advise.

 

Thanks

 

0 Kudos
1 Accepted Solution
KarstenI
Kind of a big deal
Kind of a big deal
‎May 12 2021 3:53 AM
‎May 12 2021 3:53 AM

You can use the option portrange 50000-50019 for this (without a space and using a dash).

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

5 Replies 5
KarstenI
Kind of a big deal
Kind of a big deal
‎May 12 2021 3:53 AM
‎May 12 2021 3:53 AM

You can use the option portrange 50000-50019 for this (without a space and using a dash).

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
DBCK
Here to help
‎May 12 2021 4:04 AM
‎May 12 2021 4:04 AM

Thanks Karstenl, something so simple but works as it should thanks for your response

0 Kudos
In response to DBCK
KarstenI
Kind of a big deal
Kind of a big deal
‎May 12 2021 4:09 AM
‎May 12 2021 4:09 AM

Well, it's not always that simple and at least my tcpdump expressions also not always work on the first try ... 🙂

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 12 2021 2:52 PM
‎May 12 2021 2:52 PM

Pro tip; capture far more than you want, and then limit it in Wireshark afterwards using a display filter.

 

For example, I'd be tempted to use a capture filter of something like "udp" to capture all UDP traffic, and then narrow it down afterwards.

 

Often you'll find something unusual and want to see what else was happening around that time, or was there some other trigger, and you want to be able to just see those extra packets without doing another capture.

In response to PhilipDAth
DBCK
Here to help
‎May 13 2021 1:18 AM
‎May 13 2021 1:18 AM

Thanks Philip, the problem i had with that is Meraki limits the duration to 1200 seconds (20minutes) or 100,000 packets and even filtering on UDP it runs for around 25 seconds and ive hit the 100,000 packets allready which is why i needed a more specific expression for the range i was looking at.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.