Ethereal-dev: Re: [ethereal-dev] packet capture from switches and other RMON devices

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: guy@xxxxxxxxxx (Guy Harris)
Date: Wed, 12 May 1999 17:29:12 -0700 (PDT)
> I was thinking of a filter saying "I only want the IP UDP datagrams from 
> remote capture device 10.1.9.65".

I.e., "capture only UDP datagrams from device 10.1.9.65" (that's a
capture filter), or "once I've captured datagrams from device 10.1.9.65,
show me only the UDP datagrams" (that's a display filter)?

And does that mean "capture/show me only packets from device 10.1.9.65
and, of those datagrams, capture/show me only UDP datagrams", or
"capture/show me packets from several devices, but, of those packets,
for the ones coming from device 10.1.9.65, capture/show me only UDP
datgrams"?

If the former, at least for captures, I'd expect that to be done by
separately specifying "capture only from 10.1.9.65" and "capture only
UDP datagrams"; the former would control which live-capture streams we
opened with Wiretap, and the latter would control the filter expression
we handed to Wiretape for that device.