* Paul L. Lussier (plussier@xxxxxxxxxxxxxxx) done spit this rhetoric:
>
> Hi all,
>
> I'm playing around with ethereal, and just trying to get used to it. However,
> I apparently don't quite understand how to write effective filters.
>
> For example, I wanted to snoop myself telnetting from my laptop to my Sun.
> If I use 'tcp port 23' as a filter, I see all that gets sent from the Sun, but
> nothing that gets sent from the laptop. So, I'm assuming that telnet is going
> out on a different port than 23. So I tried to modify the filter to be things
> like:
>
> tcp port >= 23 and tcp port <= 1024
> tcp port > 22
>
> and other various things, and each returns the error:
>
> Unable to parse filter string!
>
>
> Can someone tell me what I'm doing wrong? Is there a guide on writing filters
> somewhere? I looked at the man page, but couldn't get a sense of what I was
> doing wrong.
What version are you using? With a version < 0.7.0
tcp port 23
in the filters line, followed by a file::reload should work.
The syntax for 0.7.0 or later should just be
tcp.port == 23
followed by an enter to activate the change.
--
Jerry Talkington
NetCache Escalation Engineer
Network Appliance, Inc.
"All mail clients suck. This one just sucks less."
-Michael R. Elkins, author of Mutt
