Ethereal-users: Re: [Ethereal-users] tcpdump lines to use when capturing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 8 May 2003 12:55:04 -0700
On Thursday 08 May 2003 6:19 pm, cplusplus@xxxxxxxxx wrote:
> I thought i could do it by entering:
> ether proto smtp
> but no such luck.. :/

"ether proto smtp" won't work at all, as SMTP doesn't directly run atop
Ethernet.

> On Thu, May 08, 2003 at 06:59:38PM +0100, Richard Urwin wrote:
> Try:
>     port 25
> 
> IIRC, capture filters don't have decoders for any protocol above the level of 
> TCP/UDP.

Correct, although

	port smtp

might work.  ("tcp port smtp", or "tcp port 25", might be better,
although UDP traffic to port 25 is probably unlikely.)