Ethereal-users: Re: [Ethereal-users] simple question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Wed, 14 Feb 2001 15:01:41 -0500
On Wed, Feb 14, 2001 at 11:14:03AM -0800, Elham Chandler wrote:
> 
> Hi
> 
> I'm new to ethereal and so forgive me if I'm asking a question that
> has already been asked before. I have just installed ethereal-0.8.15 and
> am having a little user interface problem.
> 
> What I want to do is very simple. I want to see all the network 
> traffic going between my PC/NT Win 2000 box and my Solaris box when I
> use HTTP to access my webserver on the solaris box. 

Yep, that is very easy to do with Ethereal.

> 
> So here are a few questions ...
> 
> 1. In File->Open, I want to capture the information. Why is it that
> whenever I type in a file name, it complains that it is not in the 
> correct capture file format Ethereal understands ? How do I create
> this file in the first place so that it is in the correct Ethereal
> format ?

Use the Capture menu option, not File. File|Open is for opening
a previously-saved packet trace.

> 
> 2. In the Edit->Preferences, I click on Add Expression, and choose
> HTTP as my field name. It lets me choose notification, request or
> response as options. I choose 'request' and it places "http.request" in
> the Filter string field of the Ethernet Filters box. Is that really
> what I should be doing ? Where do I specify the ip address of my
> Solaris box then ? Maybe I should not be using HTTP  for this 
> purpose ?

You should read the man page (or HTML documentation... you don't
say if you're using the Solaris version or the Win32 version
of Ethereal) for a more complete discussion of filters.
Note that there is a difference in the syntax of capture filters and
display filters. Capture filters are used during the capturing
of packets, and display filters show you different views of
already-captured packets.

If you want to *capture* only the traffic between your PC
and your Solaris box, use the following capture filter. I
left out the "http" part because I'm betting that there is little
other traffic between those machines, so capturing all traffic
between those 2 is almost the same if not the same as capturing
only HTTP traffic.

	host PC and host Solaris

(where 'PC' and 'Solaris' are the hostnames or IP addresses).

If you'd rather capture all traffic that is on your network
segment, just start the capture w/o a capture filter.
Then, you can pare down the traffic with a display filter,
which you type in at the bottom of the main ethereal window. The
filter would be:

	ip.addr == PC and ip.addr == Solaris

(I assume you're using IPv4, not IPv6. "ip" in Ethereal means IPv4)

> 
> 3. How should I modify Ethereal Preferences so that I am using the
> correct network connection for this scenario ?(As you can see I'm
> a novice at networking as well!)

You select this in the Capture|Start dialogue.

(although a preference setting for the default interface would
not be a bad idea for us to add).



--gilbert
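The reply above draws the distinction between a capture filter ("host PC and host Solaris", applied while capturing, so non-matching packets are never written to the trace) and a display filter ("ip.addr == PC and ip.addr == Solaris", applied to an already-captured trace, so every packet stays on disk and only the view changes). The following is an added illustration, not code from Ethereal or from anyone on this list: it models those two stages over a constructed four-packet trace so the difference is visible, and it goes one step beyond the message by also showing why "ip.addr == X" covers both directions while "ip.src == PC and ip.dst == Solaris" does not, and why "ip.addr != X" (which in Ethereal, and in Wireshark before 3.6, means "any address field is not X") matches almost everything, so the reliable form is "!(ip.addr == X)". The addresses, port numbers and packets are made up for the example.

```python
"""Model of capture filters vs display filters, as described in the
reply above.  Added example, not Ethereal code; all addresses and
packets below are constructed sample data."""

from dataclasses import dataclass

# Assumed addresses for the two machines in the question (constructed).
PC = "192.0.2.10"        # the Win2000 box
SOLARIS = "192.0.2.20"   # the Solaris web server
OTHER = "192.0.2.99"     # some third host on the same segment


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


# Constructed trace: an HTTP request/response pair between PC and Solaris,
# a DNS query from PC to OTHER, and an unrelated SSH packet OTHER -> Solaris.
TRACE = [
    Packet(PC, SOLARIS, "tcp", 1025, 80),
    Packet(SOLARIS, PC, "tcp", 80, 1025),
    Packet(PC, OTHER, "udp", 1026, 53),
    Packet(OTHER, SOLARIS, "tcp", 40000, 22),
]


# --- capture-filter side (tcpdump/BPF syntax) -----------------------------

def bpf_host_and_host(a, b):
    """'host a and host b': the packet must involve a AND involve b,
    in either direction."""
    return lambda p: {p.src, p.dst} >= {a, b}


def capture(trace, predicate):
    """A capture filter decides what gets written to the trace file.
    Packets that fail it are gone for good; they cannot be recovered
    later with a display filter."""
    return [p for p in trace if predicate(p)]


# --- display-filter side (Ethereal syntax) ---------------------------------

def ip_addr_eq(a):
    """'ip.addr == a' matches when a is the source OR the destination."""
    return lambda p: a in (p.src, p.dst)


def ip_src_eq(a):
    """'ip.src == a': one direction only."""
    return lambda p: p.src == a


def ip_dst_eq(a):
    """'ip.dst == a': one direction only."""
    return lambda p: p.dst == a


def ip_addr_any_ne(a):
    """Classic 'ip.addr != a' (Ethereal, Wireshark < 3.6): true when ANY
    of the two address fields differs from a, which is almost always."""
    return lambda p: p.src != a or p.dst != a


def f_and(*preds):
    return lambda p: all(f(p) for f in preds)


def f_not(pred):
    return lambda p: not pred(p)


def display(trace, predicate):
    """A display filter only changes the view; the trace is untouched."""
    return [p for p in trace if predicate(p)]


if __name__ == "__main__":
    both = f_and(ip_addr_eq(PC), ip_addr_eq(SOLARIS))
    print("capture 'host PC and host Solaris':",
          len(capture(TRACE, bpf_host_and_host(PC, SOLARIS))), "packets kept")
    print("display 'ip.addr == PC and ip.addr == Solaris':",
          len(display(TRACE, both)), "shown of", len(TRACE))
    print("display 'ip.src == PC and ip.dst == Solaris':",
          len(display(TRACE, f_and(ip_src_eq(PC), ip_dst_eq(SOLARIS)))), "shown")
    print("display 'ip.addr != PC' (classic semantics):",
          len(display(TRACE, ip_addr_any_ne(PC))), "shown")
    print("display '!(ip.addr == PC)':",
          len(display(TRACE, f_not(ip_addr_eq(PC)))), "shown")
```

Run it and the capture filter and the two-sided display filter select the same two HTTP packets, which is the point of the reply: either approach works for a quiet link, but only the display-filter route keeps the other packets available for a different view later. The one-direction form "ip.src == PC and ip.dst == Solaris" shows just the request, and the classic "ip.addr != PC" shows all four packets, including the two that involve the PC, which is why "!(ip.addr == PC)" is the form to type when you mean "hide everything that touches the PC".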