Ethereal-users: [Ethereal-users] EtherPeek equivalents in Ethereal (name table and offset filter

Please bear with me as I am new and inexperienced.

I have been using EtherPeek to capture/analyze data on a system with
IEEE-802.3 compliant 10Mb/s, bus topology, baseband signalling (10Base5) LAN
(closed-network - no connection to internet or anything like that), protocol
used is 802.2 LLC. I would like to become more familiar with Ethereal, but
I am used to EtherPeek terminology and am having trouble finding the
Ethereal equivalents. Two major areas I would like help with are Name
Resolution and Filtering.

Name Resolution - In EtherPeek, you can define a name table (file with .nam
extension). This allows for source/destination addresses in captures to be
viewed as recognizable names (as opposed to numerical values). In Ethereal
I would think the equivalent is Name Resolution, but I don't understand how
this feature works. When selecting menu option View - Name Resolution -
Resolve Name, where does Ethereal get the names? Can I add names to
wherever it is looking? All the addresses are Ethernet (XX:XX:XX:XX:XX:XX)
- so basically I want to know how to have for example E2:DA:00:00:00:00
displayed as Node_1 in the Ethereal capture window. How can I do this?

Offset Filtering - In EtherPeek, you can define a filter based on an offset
anywhere within the packet. Looking at Ethereal, it seems as though
filtering is accomplished based on the protocols available in the Filter
Expression window (Analyze - Display Filters - Expression... button). I see
LLC listed, but I would like to filter based on bytes further within the
payload (I guess at the application layer), for example only filter packets
where offset 51 is equal to 24H. How can I do this?

Thank you. I have browsed through the online documentation and performed
searches from the Ethereal Lists page and haven't been able to figure out
the above. Also I'm using version 0.10.6 on Windows 2000 OS.

Phil