On Fri, Feb 23, 2001 at 12:13:01PM -0800, Brent Bice wrote:
> I just downloaded the latest version of ethereal (well, version 0.8.15)
> and compiled/installed it. But it looks like some of the filters don't work
> anymore. For instance, one of my favorite filters was:
> frame[54] == 50:41:53:53 || frame[54] == 55:53:45:52
>
> But this filter now causes the error 'Unable to parse filter string
> "frame[54] == 50:41:53:53 || frame[54] == 55:53:45:52"
>
> This was a great way for me to show the boss why A) nobody is allowed to
> have root privs on the POP3 server, and B) nobody is allowed to access the
> POP3 server across the internet. (grin) Really made him a believer in
> VPN and encryption...
>
> My first thought was "oh, the syntax musta changed" so I highlighted a
> POP3 USER command packet and said to MatchSelected, and the syntax of the
> filter string it produces looks identical and produces the same type of
> error.
There was some breakage in the filtering code, due to some new
stuff that was added. The next version of Ethereal will have fixes
for this, but the syntax for the above filter will no longer
be supported. Instead,
frame[54:4] == 50:41:53:53
will have to be used.
--gilbert
