to expand on Jack's answer
as a capture filter:
(tcp port 80 or tcp port 443) and host a.b.c.d
you can then use a display filter of
http or ssl
On 15/09/05, Jack Jackson <jack@xxxxxxxxxxxxxxx> wrote:
> At 11:55 PM 9/14/2005, Walters, Adam S wrote:
>
> >Hi,
> >
> >I am looking for some assistance with the Ethereal app. I am running it
> >on a service which handles multiple data streams. I am only interested in
> >filtering HTTP based traffic but cannot provide a valid filter for this option.
> >
> >I have tried filters such as the following, however all return a "Invalid
> >capture filter" error message.
> >
> >http.request.method == "POST"
> >http contains "xxxxxx.com"
> >http contains xxxxxx.com
> >http.request contains "xxxxxx.com"
> >http.request "xxxxx"
> >http.request xxxxx
> >
> >Ideally I would like to configure Ethereal to provide me with a list of
> >all HTTP requests with the destination DNS/URL.
>
> Ethereal has two kinds of filters, capture filters which are processed by
> the capture mechanism, and display filters, which are processed by
> Ethereal, and the syntax of the two is very different. You have used the
> display filter syntax for a capture filter.
>
> Capture filters are very simplistic, because they are executed in the
> kernel. You can exclude all but http with "tcp port 80" (assuming that the
> http is on port 80).
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
