Ethereal-users: [ethereal-users] having difficulty with tethereal and filters

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Phil N <pnewlon@xxxxxxxxxx>
Date: Thu, 16 Mar 2000 17:10:52 -0500

I am having difficulty getting the hang of filters with tethereal. I was trying every combination
of the following filter that I could think of without much luck; all would give an error when
parsing the expression.

/usr/sbin/tethereal -c 100 -F ngsniffer -f "ip.src eq 63.75.231.1" -w /home/pnewl01/phil_dump.enc
/usr/sbin/tethereal -c 100 -F ngsniffer -f "ip.src == 63.75.231.1" -w /home/pnewl01/phil_dump.enc
/usr/sbin/tethereal -c 100 -F ngsniffer -f ip.src eq 63.75.231.1 -w /home/pnewl01/phil_dump.enc
/usr/sbin/tethereal -c 100 -F ngsniffer -f ip.src == 63.75.231.1 -w /home/pnewl01/phil_dump.enc


When I changed it to the following I was successful (I found this in the mailing list):
/usr/sbin/tethereal -c 100 -F ngsniffer -f "ip host 63.75.231.1" -w /home/pnewl01/phil_dump.enc

The format that worked was not an obvious solution when reading the man pages... Have I missed
some piece of documentation that would have explained this? What would the format be for capturing
ICMP ping (type 8) packets that were sourced from 63.75.231.1?

	icmp.type == 8 and ip.src == 63.75.231.1

Direction would be appreciated!

Thanks,

Phil