Wireshark · Ethereal-users: Re: [ethereal-users] Filters

Ethereal-users: Re: [ethereal-users] Filters

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>

Date: Mon, 19 Jul 1999 09:33:27 -0500

On Sat, Jul 17, 1999 at 12:09:33PM -0500, Michael Spiceland wrote:
> 
> 
> To start, let me tell you my setup.  I have the identical situation on two
> computers.  One with a PII400 desktop 64MB of RAM with RH6.0.  Another on a
> Celeron 366 laptop with RH6.0 and 64MB of ram.  Both have 3COM NIC's that
> have never given me trouble in anyway.
> 
> > By "filters", do you mean display filters or capture filters? And yes,
> they
> > work.
> 
> I guess both.  Under preferences there is only one filters section.  In 
> this
> section all there is highlighted is the new button.  When I click on it,
> nothing happens.  Nothing is in the list box as far as options.  I am
> assuming that a list of filters should go here.

I think the filter UI is a bit misleading. First, you type in the
filter name and filter string in the text entry fields at the bottom
of the dialogue box, and then press "New" to add what you just typed
to your personal list of filters.

> I dont think so if it requires anything besides ./configure:make:make
> install
> I also installed the libcap rpm.  How do I do this?  Could this be what is
> wrong?

No. If you hand configured ethereal to use wiretap, your ability to
use display filters would have been severely limited. Since you did not
configure it to use wiretap (look at the README file), then you're using
normal libpcap display filters.

> window that it brings up and the application window seem to kind of stop
> responding and then they periodically update.  I get no real time capture,
> just a little window that says how many of each packet is sent (which is
> REALLY slow to update anyway).  Then when I hit the stop button to stop the
> capture, it takes about 30 sec. to a min. to stop the capture and then it
> will show the data that it collected.  I am assuming that something must be
> wrong here.

Are you on a network with little traffic, or perhaps on a switched segment?
The standard libpcap for Linux has a bug where timeouts don't work. 
Ethereal tells libpcap that we want to wait for packets for X number of
seconds. But libpcap doesn't honor this timeout and only returns when
a new packet comes in. http://ethereal.zing.org/~gerald contains
a patch for libpcap to rectify this.

> Is Ethereal this slow and unresponsive on other peoples computers?  I am

No.

--gilbert

Prev by Date: Re: [ethereal-users] ethereal failure on dual nic boxes?
Next by Date: [ethereal-users] Filter strings
Previous by thread: Re: [ethereal-users] Filters
Next by thread: [ethereal-users] Column Widths with -S on 0.6.3
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$