Wireshark · Ethereal-users: Re: [Ethereal-users] Question about packet filtering

Ethereal-users: Re: [Ethereal-users] Question about packet filtering

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Urwin <richard@xxxxxxxxxxxxxxx>

Date: Thu, 8 Apr 2004 22:49:08 +0100

On Thursday 08 Apr 2004 9:50 pm, Matthew Bedford wrote:
> I wish to filter traffic during capture for particular protocols,
> such as AIM, for all hosts and IPs. What would the proper syntax be.
> I've tried reading the tcpdump man page (umm, lost...) and I've read
> the help section. I've tried "ether proto AIM" and "ip proto AIM" but
> it keeps saying I'm using incorrect syntax.

The capture syntax only goes as high as TCP or UDP. AIM is above one of 
those. A display filter will work OK. Filter on the addresses to keep 
the size of the capture down.

-- 
Richard Urwin

References:
- [Ethereal-users] Question about packet filtering
  - From: Matthew Bedford

Prev by Date: Re: [Ethereal-users] basic question
Next by Date: Re: [Ethereal-users] Not seeing PPPoE packets when filtering
Previous by thread: [Ethereal-users] Question about packet filtering
Next by thread: Re: [Ethereal-users] Question about packet filtering
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$