Ethereal-users: Re: [ethereal-users] Ethereal Capture filters...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Wed, 29 Sep 1999 18:14:26 -0500
On Wed, Sep 29, 1999 at 05:43:44PM -0500, Fernando Medina Jr. wrote:
> 
> 
> Is there a web page where I can look at syntax, I can't figure them
> out.  I tried ip.src ne xx.xx.xx.xx as a simple capture filter, but I
> got a can't parse error.  That syntax works as a view filter, which I
> got from the ethereal man page.  Thanks,

I think we need to work on highlighting this more, but in the
ethereal man page you'll find:

       Capture Preferences
           The Capture Preferences dialog lets you specify
           various parameters for capturing live packet data.

           The Interface: combo box lets you specify the
           interface from which to capture packet data.  The
           Count: entry specifies the number of packets to
           capture.  Entering 0 will capture packets

-->        indefinitely.  The Filter: entry lets you specify the
-->        capture filter using a tcpdump-style filter string as
-->        described above.  The File: entry specifies the file

           to save to, as in the Printer Options dialog above.
           You can specify the maximum number of bytes to capture
           per packet with the Capture length entry, and can
           specify that the display should be updated as packets
           are captured with the Update list of packets in real
           time check box.

So, for capture filters, look at the tcpdump man page.
We plan to get rid of this unfortunate situation of having 2 filter
syntaxes.

--gilbert