On Thu, Sep 12, 2002 at 12:21:46AM -0400, Alec S. Dhuse wrote:
> Is there a way in the live capture to adjust a filter to show only one
> protocol, and not all of them? thanks!

I'm not sure what you mean by "adjust a filter to show only one
protocol". Do you mean "specify a filter that shows only one protocol"?
I'm also not sure what you mean by "in the live capture"; do you mean
"is there a way to specify a capture filter that captures only packets
from one protocol"?

If so, then, for *some* protocols, yes, you can. See the tcpdump man
page on your system, if you're running on a UNIX system (install tcpdump
on your system if it's not already installed), or the WinPcap man page
at

    http://windump.polito.it/docs/manual.htm

if you're running on Windows; look for the section that begins

    expression
        selects which packets will be dumped. If no expression
        is given, all packets on the net will be dumped.
        Otherwise, only packets for which expression is `true'
        will be dumped.

Note that capture filters have relatively limited capabilities (because
they're implemented, on many platforms, by shoving a small program, in a
pseudo-machine-language, into the OS kernel, and the capabilities of
that machine are limited in order to make it easier for the OS kernel to
check whether the program will do Bad Things or not); they cannot check
for all the protocols known to Ethereal.
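
The kernel-side check described in the reply above, sketched as an added example (not part of the original message, and not tcpdump, libpcap or kernel code). It uses a four-opcode subset of classic BPF; `tcp_only`, `validate` and `run` are hypothetical names, and the filter program is a constructed, IPv4-only form of the capture filter "tcp".

```c
#include <stdint.h>
#include <stddef.h>

/* Numeric values follow the classic BPF encoding (class | size | mode). */
enum { LD_H_ABS = 0x28, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Constructed, IPv4-only version of the filter "tcp" on Ethernet. */
static const struct insn tcp_only[] = {
    { LD_H_ABS, 0, 0, 12 },      /* A = EtherType                  */
    { JEQ_K,    0, 3, 0x0800 },  /* IPv4? otherwise skip to reject */
    { LD_B_ABS, 0, 0, 23 },      /* A = IP protocol field          */
    { JEQ_K,    0, 1, 6 },       /* TCP? otherwise skip to reject  */
    { RET_K,    0, 0, 0xffff },  /* accept: keep up to 65535 bytes */
    { RET_K,    0, 0, 0 },       /* reject: keep nothing           */
};

/* Load-time check: known opcodes only, jump targets inside the program,
 * last instruction returns. Jump offsets are unsigned, so control only
 * moves forward and every accepted program terminates. */
static int validate(const struct insn *p, size_t len)
{
    if (len == 0 || p[len - 1].code != RET_K) return 0;
    for (size_t i = 0; i < len; i++) {
        switch (p[i].code) {
        case LD_H_ABS: case LD_B_ABS: case RET_K: break;
        case JEQ_K:
            if (i + 1 + p[i].jt >= len || i + 1 + p[i].jf >= len) return 0;
            break;
        default: return 0;       /* anything else is refused outright */
        }
    }
    return 1;
}

/* Run a validated program; returns bytes to capture (0 = drop). */
static uint32_t run(const struct insn *p, const uint8_t *pkt, size_t n)
{
    uint32_t a = 0;              /* the accumulator register */
    for (size_t pc = 0; ; pc++) {
        uint32_t k = p[pc].k;
        switch (p[pc].code) {
        case LD_H_ABS:
            if (n < 2 || k > n - 2) return 0;   /* out-of-bounds load drops */
            a = ((uint32_t)pkt[k] << 8) | pkt[k + 1]; break;
        case LD_B_ABS:
            if (k >= n) return 0;
            a = pkt[k]; break;
        case JEQ_K: pc += (a == k) ? p[pc].jt : p[pc].jf; break;
        case RET_K: return k;
        }
    }
}
```

The filter can only compare bytes at fixed offsets, which is why it can select TCP but cannot recognise protocols that need stateful or variable-offset dissection.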