Ethereal-users: Re: [Ethereal-users] tethereal filer syntax

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 28 Jul 2006 10:59:09 -0700
M.N.Smadi wrote:
I have some 802.11 capture files with prism header. Can anyone provide me with the syntax for command line argument for tethereal to parse for an AP with a given mac address (i.e. how to pull up the header and search for wlan.sa == filter
If by "search" you mean "filter" - i.e., read the capture file, and discard all packets not to or from that AP - that'd be 

	tethereal -R "wlan.sa == {address}" -r {input file}
(unless, of course, you've upgraded to the latest version, in which case it'd be "tshark", not "tethereal" - see http://www.wireshark.org/). {address} here would be the MAC address of the AP and {input file} the file you're reading. 
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users