Ethereal-users: Re: [ethereal-users] filters settings

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 19 Jul 2000 12:28:35 -0700 (PDT)
> Second, Ethereal actually uses tcpdump filtering syntax,

More specifically, it uses tcpdump filtering syntax for *capture*
filters, which are specified in the dialog box for the "Capture:Start"
menu item, and which control which packets being seen on the network
will be seen by Ethereal.

It does not use that syntax for *display* filters, which are specified
in the text box at the bottom of the display, and which control which of
the packets that Ethereal *has* seen, or which of the packets in the
capture file that Ethereal has read, will be shown on the display.  The
syntax the person who asked the original question was using is the
display filter syntax, which is what is documented in the Ethereal man
page; they were probably, as you suspected, using that for capture
filters.