Ethereal-dev: Re: [Ethereal-dev] Checking out Sniffer ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>
Date: Tue, 5 Mar 2002 22:03:23 +1100
I may need to test this again.
My memories from trying filtering in netmon was something really crude as
say filtering for NFS filenames that I would have to do something as easy to
use as
frame[25:30]=="FooBar"
which first of all requires that I know exactly where inside the packet that
the filename or whatever is stored
and which of course would need a pretty complex filter in case I dont know
and dont care where
inside the packet these bytes are or I want to filter for ALL such packets
and FooBar can be positioned at different
places in the packet depending on the type of packet.

i.e. when i just want something as simple as typing 'nfs.name=="FooBar"' in
a filter box and get the packets i want,
without any hassles.
I failed to get this to work for me properly and I just got angry since I
couldnt just type nfs.name=="FooBar" as I was used to.



----- Original Message -----
From: "Guy Harris"
Sent: Tuesday, March 05, 2002 9:46 PM
Subject: Re: [Ethereal-dev] Checking out Sniffer ...


> On Tue, Mar 05, 2002 at 09:29:51PM +1100, Ronnie Sahlberg wrote:
> > any features similar in ease of use and usefulness to the display
filters
> > are features that have eluded me completely
> > in sessions using other tools.
> > i hope this is because i couldnt find how to use those features in those
> > tools, and not that they are missing.
>
> You might want to look at the Network Monitor filtering mechanism; it
> also lets you construct expressions that test the values of fields in
> packets (the dialog box, in Ethereal, for constructing terms in filter
> expressions is modeled, to some degree, after the Network Monitor dialog
> box).