On Tue, Sep 03, 2002 at 04:58:33PM -0400, Patnaik, Anjela wrote:
> Actually, I meant a Read Capture filter.
There is no such thing as a "read capture filter".
There are capture filters, which are implemented by libpcap (*NOT*
directly by Ethereal/Tethereal); the syntax and capabilities of those
are described by the tcpdump man page, and they do *NOT* include the
ability to recognize particular GIOP-based protocols.
There are also read filters, which are implemented by
Ethereal/Tethereal; the syntax and capabilities of those are described
by the Ethereal and Tethereal man pages, and they include the ability to
select any particular protocol.
> Basically, if I have 20+ GIOP plugins built,
> how do I capture only packets that dissect
> a given GIOP plugin ??
Packets don't dissect, they are dissected, and plugins aren't dissected,
they dissect.
What you presumably meant is "how do I capture only packets for the
GIOP-based protocol that is dissected by a given GIOP plugin?"
The answer to that is the same as it was in my last message, i.e.:
You would have to use a "read filter" to select your protocol,
unless you know the TCP port number your protocol will be using.
A "read filter" has the syntax of a display filter, so it'd just
be the protocol name you assigned to the protocol your plugin
dissects.
See the Tethereal man page for information on how to specify a
read filter.
