Ethereal-users: Re: [Ethereal-users] Filtering problems

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Tue, 9 Jan 2001 19:17:11 -0500
On Tue, Jan 09, 2001 at 03:11:20PM -0900, James A. Crippen wrote:
> I'm trying to set some display filters for tethereal that seem okay by the
> docs but cause errors when I use them.
> 
> I want to see everything on eth0 except ipx traffic, so I say
>   tethereal -i eth0 "not ipx"
> but I get 
>   tethereal: Unable to parse filter string (parse error).
> However if I say something like
>   tethereal -i eth0 "not ip"
> then I get lots of IPX traffic, but no IP traffic, which is what I'd
> expect.  I have the same problem filtering NetBIOS, NBNS, and some
> others.  The converse is also true, I can't filter "ipx" or "netbios" or
> the like.
> 
> I installed the x86 RPM (on an RH6.2 box).  Perhaps I should go get the
> source?
> 
> 'james

Try: tethereal -i eth0 -R not ipx

Which uses a "read filter" instead of a "capture filter". A "read filter"
uses [t]ethereal's filter syntax, while a capture filter uses libpcap's
filter syntax (which is defined in the tcpdump man page).

--gilbert