On Tue, 9 Jan 2001, Gilbert Ramirez wrote:
> On Tue, Jan 09, 2001 at 03:11:20PM -0900, James A. Crippen wrote:
> > I'm trying to set some display filters for tethereal that seem okay by the
> > docs but cause errors when I use them.
> >
> > I want to see everything on eth0 except ipx traffic, so I say
> > tethereal -i eth0 "not ipx"
> > but I get
> > tethereal: Unable to parse filter string (parse error).
> > However if I say something like
> > tethereal -i eth0 "not ip"
> > then I get lots of IPX traffic, but no IP traffic, which is what I'd
> > expect. I have the same problem filtering NetBIOS, NBNS, and some
> > others. The converse is also true, I can't filter "ipx" or "netbios" or
> > the like.
> >
> > I installed the x86 RPM (on an RH6.2 box). Perhaps I should go get the
> > source?
> >
> > 'james
>
> Try: tethereal -i eth0 -R not ipx
>
> Which uses a "read filter" instead of a "capture filter". A "read filter"
> uses [t]ethereal's filter syntax, while a capture filter uses libpcap's
> filter syntax (which is defined in the tcpdump man page).
Yeah, after staring at the manpage for about five more minutes I saw
that... :P
May I suggest the following minor changes to the manpage Synopsis section
for tethereal? (Haven't looked at ethereal's page yet.)
Change
... [ -f filter expression ] ... [ -R filter expression ] ... [ filter
expression ]
to
... [ -f capture filter expression ] ... [ -R read filter expression ]
... [ capture filter expression ]
which would make it more obvious that the default is a capture filter and
not a read filter, and emphasizes that they're not semantically the same
(which is implied by saying "filter expression" in both places).
That would keep impatient people like me who don't want to read the manual
from asking stupid questions... :)
Thanks!
'james
--
James A. Crippen <james@xxxxxxxxxxxx> ,-./-. Anchorage, Alaska,
Lambda Unlimited: Recursion 'R' Us | |/ | USA, 61.2069 N, 149.766 W,
Y = \f.(\x.f(xx)) (\x.f(xx)) | |\ | Earth, Sol System,
Y(F) = F(Y(F)) \_,-_/ Milky Way.
