Ethereal-dev: [ethereal-dev] Syntax for capture filter (Truth in advertising?)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ben Fowler <wapdev@xxxxxxxxxxxx>
Date: Mon, 19 Jun 2000 00:01:17 +0100

I have not been able to find an answer to this in the FAQ list, but I fear that
this may be my lack of attention to detail.

I am trying to monitor web traffic across my network, from a Squid proxy and
from an Apache origin server. I guessed that one way of doing this would be
to establish a capture filter which would intercept traffic addressed
to either port 80 (Apache) or port 3128 (Squid). With tcpdump, this
command and filter work:

        tcpdump -i eth0 'tcp port 80 or tcp port 3128'

but the same (capture) filter appears to be faulty in ethereal, giving
a parse error.

Why is this? Does it matter, given that the documentation specifies that
capture filters obey the same syntax as tcpdump? What can be done?

I also want to capture DNS and ICP traffic if possible.

My guess is that I am misunderstanding something central to the way that
ethereal works and/or my version of tcpdump uses a different library or
version to the latest ethereal.

Ben


--
Leedsnet - The information resource for Leeds and the West Riding
< URL:http://www.leedsnet.com/mobile/ >