Janet Norton said:
> I would like to create a Tethereal filter for ip.addr of interest and
> tcp.port eq 515 to streamline the collected data. Can someone help me
> with the syntax so I can create the correct capture filter?

    host {IP address of interest} and tcp port 515

where "{IP address of interest}" is the IP address in question (or a host
name that resolves to that IP address).

On UN*X, see the tcpdump man page for your system for a discussion of the
capture filter syntax; "man tcpdump" from the command line should work, or
you could look at the FreeBSD collection of man pages (which has man pages
for many different FreeBSD releases *AND* many different releases of OSes
*other* than FreeBSD, including NetBSD, OpenBSD, Darwin (although you'd
have to know the Darwin version for particular Mac OS X releases), Red Hat
Linux distributions, SuSE Linux distributions, and various commercial
UNIXes):

    http://www.freebsd.org/cgi/man.cgi

or the tcpdump man page on the Ethereal site:

    http://www.ethereal.com/docs/man-pages/tcpdump.8.html

or on the tcpdump site:

    http://www.tcpdump.org/tcpdump_man.html

although note that the manual for *your* system is most likely to be
accurate.

On Windows, see the WinDump man page:

    http://windump.polito.it/docs/manual.htm

although that might not reflect the version of WinPcap you have.
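
An added example, not part of the original message: a small Python model of what the capture filter "host {IP address of interest} and tcp port 515" accepts, run over constructed IPv4 packets. The addresses are documentation-range placeholders, the helper names are hypothetical, and only IPv4 is modelled.

```python
import socket
import struct

TCP, UDP = 6, 17  # IP protocol numbers

def ipv4_packet(src, dst, sport, dport, proto=TCP, frag_offset=0):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus ports."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 24, 0,        # version/IHL, TOS, length, ID
                         frag_offset & 0x1FFF,  # flags + fragment offset
                         64, proto, 0,          # TTL, protocol, checksum
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + struct.pack("!HH", sport, dport)

def matches(packet, host, port=515):
    """Model of the capture filter `host <host> and tcp port <port>`."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # "host": the address may be the source OR the destination.
    if socket.inet_aton(host) not in (packet[12:16], packet[16:20]):
        return False
    # "tcp": UDP or anything else on the same port number is rejected.
    if packet[9] != TCP:
        return False
    # Port tests only apply to the first fragment, where the TCP header is.
    if frag_offset != 0 or len(packet) < ihl + 4:
        return False
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    # "port": source OR destination port, so both directions are captured.
    return port in (sport, dport)

PRINTER = "192.0.2.10"    # placeholder for the IP address of interest
CLIENT = "198.51.100.7"   # placeholder client

if __name__ == "__main__":
    samples = {
        "client -> printer:515": ipv4_packet(CLIENT, PRINTER, 40000, 515),
        "printer:515 -> client": ipv4_packet(PRINTER, CLIENT, 515, 40000),
        "other host, port 515": ipv4_packet("203.0.113.5", CLIENT, 40000, 515),
        "printer, UDP 515": ipv4_packet(CLIENT, PRINTER, 40000, 515, proto=UDP),
        "printer, TCP 80": ipv4_packet(CLIENT, PRINTER, 40000, 80),
    }
    for label, pkt in samples.items():
        print(f"{label:24} {'captured' if matches(pkt, PRINTER) else 'dropped'}")
```

The display-filter field names in the question (ip.addr, tcp.port) select the same traffic after capture, but they are a different syntax from the capture filter shown in the reply.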