Ethereal-users: Re: [ethereal-users] filters settings

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Scott Mann <scott.mann@xxxxxxxxxxxxxx>
Date: Wed, 19 Jul 2000 06:45:20 -0700

First, I would strongly recommend that you upgrade Ethereal
to version 0.8.9 or 0.8.10.

Second, Ethereal actually uses tcpdump filtering syntax, so the
best way to get your filters correct is to use the tcpdump man
page. For example, to get all packets with the src ip of 10.1.1.1:

# tcpdump src host 10.1.1.1

I use tcpdump to test the filter, then if it works, I put it into
ethereal---in this case "src host 10.1.1.1"

Double check the tcpdump syntax on your system (SuSE) because I've
noticed some differences between RedHat (which is what I run) and
other distributions with respect to tcpdump.

Hope this helps.

Scott

Anastasia Leventi-Peetz wrote:
> 
> Dear ethereal users
> 
>   I write again because I don't know if my previous mail has arrived.
>   I have problems with establishing filters for the program.
>   Following the examples of the man pages I've given
>    udp.port  ==  portnumber
> 
>   or
>   src.ip-address == myaddress
> 
>    and I always get a parse error. I have also tried editing
> .ethereal/filters. No use.
>    It didn't appear as an old filter anyway. Does anybody have any advice?
>    I run ethereal 0.8.3 on a Linux pc (SuSE 6.4)
>    Many thanks Anastasia
> 
> --
> Dr. Anastasia Leventi-Peetz     E-Mail: leventi@xxxxxxx
> c/o FGAN/FKIE                   Tel: (+49) 228/9435 593
> Neuenahrer Strasse 20           Fax: (+49) 228/9435 685
> D-53343 Wachtberg, Germany      http://www.fgan.de