> Q2. After creating a display filter and attempting to save it I get an error
> "can't create directory c:"
> your thoughts on this would be appreciated.

This is a bug that will be fixed in the next release.

The workaround is:

    if you have a C:\.ethereal directory, rename it to C:\Ethereal

    if you don't have a C:\.ethereal directory, create a directory
    C:\Ethereal

> Q3. I understand that display filters and capture filters have a different
> syntax.
> I must be missing the area of the documentation on how this is done.

Display filter syntax is in the Ethereal manual page, which I think
might come with the Ethereal Windows distribution in HTML form. See
also

    http://www.ethereal.com/ethereal.1.html

Capture filter syntax is in the tcpdump/WinDump man page, as Ethereal
and tcpdump/WinDump use the same routine in the same library to handle
capture filters. You should check the WinDump man page, at

    http://netgroup-serv.polito.it/windump/docs/manual.htm

> Q5. Are there any examples of filters available? I am looking for a filter
> that captures all traffic between
> two specific IP addresses.

There are some examples of capture filters in the WinDump man page; look
for the "EXAMPLES" section.

One example from there is

    To print traffic between helios and either hot or ace:
        tcpdump host helios and \( hot or ace \)

Note that the "tcpdump" part is *NOT* part of the filter, and you must
*NOT* type it in the dialog box for a capture; it's part of the command
line to run tcpdump (as tcpdump/WinDump is a command-line program).

So, to capture between two IP addresses, use the filter

    host {first address} and {second address}

where "{first address}" and "{second address}" are the IP addresses or
host names for the two machines.
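
The two filter forms from the reply above, as an added Python example that is not part of the original message or of Ethereal/WinDump: it reduces a man-page command line to the filter text alone (dropping the program name and the backslashes that exist only for the shell) and builds the two-host filter from validated input. The function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress
import re
import shlex

# Hypothetical helpers; only the filter syntax itself comes from the message.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"^{_LABEL}(\.{_LABEL})*$")
_PROGRAMS = {"tcpdump", "windump"}


def _check_host(value):
    """Return value unchanged if it is an IP address or a plain host name."""
    try:
        ipaddress.ip_address(value)
        return value
    except ValueError:
        pass
    if _HOSTNAME.match(value):
        return value
    # Spaces, parentheses or operators here would change what gets captured.
    raise ValueError(f"not an IP address or host name: {value!r}")


def between_hosts(first, second):
    """Capture filter for traffic between two machines, in the reply's form."""
    return f"host {_check_host(first)} and {_check_host(second)}"


def filter_from_command_line(command):
    """Turn a man-page example command line into the filter text alone."""
    tokens = shlex.split(command)  # removes shell escaping such as \( and \)
    if tokens and tokens[0].lower() in _PROGRAMS:
        tokens = tokens[1:]  # the program name is not part of the filter
    if tokens and tokens[0].startswith("-"):
        raise ValueError("command-line options are not part of a filter")
    return " ".join(tokens)


if __name__ == "__main__":
    print(filter_from_command_line(r"tcpdump host helios and \( hot or ace \)"))
    print(between_hosts("192.0.2.10", "192.0.2.20"))  # constructed addresses
```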