> I can't find any examples of the syntax of capture filters
> to use with Ethereal 0.8.19 - the only reference is given
> to look at the <man 8 tcpdump>. But my FreeBSD 4.2 installation
> doesn't have section 8 of man for tcpdump at all !

That's odd - what happens if you just do "man tcpdump"?
FreeBSD comes standard with tcpdump; I forget whether, when you install
FreeBSD, you can arrange not to select the part of the installation that
would include it.

> Any examples/further references ?

The WinDump man page, which is based on the tcpdump 3.5 or so man page
(WinDump is a port of tcpdump to Windows, and the current version is
based on 3.5), is on line at
http://netgroup-serv.polito.it/windump/docs/manual.htm
It includes both the description of the capture filter expression
format, and some examples.

(Note that the capture filter syntax depends on the particular version
of libpcap on the system, so

	1) the man page for a system other than your system might
	   describe capture filter features not supported on your
	   system;

	2) the man page for a system other than your system might
	   *not* describe capture filter features that *are* supported
	   on your system;

and, given that man pages aren't necessarily updated when the code they
describe changes,

	3) the man page for your system could conceivably, for example,
	   not describe capture filter features that are supported on
	   your system;

although that's less likely.)
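
Because the accepted syntax depends on the installed libpcap rather than on any man page, the following added example (not part of the original message) compiles candidate capture filters against the local libpcap without opening a device or needing privileges. The helper names `load_pcap` and `check_filters`, the Ethernet link type and the sample filter strings are assumptions chosen for illustration.

```python
import ctypes
import ctypes.util

DLT_EN10MB = 1                     # Ethernet link type, assumed for the check
PCAP_NETMASK_UNKNOWN = 0xFFFFFFFF  # no interface is opened, so no netmask is known

class BpfProgram(ctypes.Structure):  # mirrors libpcap's struct bpf_program
    _fields_ = [("bf_len", ctypes.c_uint), ("bf_insns", ctypes.c_void_p)]

def load_pcap():
    """Return a ctypes handle to the local libpcap, or None if it is absent."""
    name = ctypes.util.find_library("pcap")
    if not name:
        return None
    try:
        lib = ctypes.CDLL(name)
    except OSError:
        return None
    lib.pcap_open_dead.restype = ctypes.c_void_p
    lib.pcap_open_dead.argtypes = [ctypes.c_int, ctypes.c_int]
    lib.pcap_compile.argtypes = [ctypes.c_void_p, ctypes.POINTER(BpfProgram),
                                 ctypes.c_char_p, ctypes.c_int, ctypes.c_uint32]
    lib.pcap_geterr.restype = ctypes.c_char_p
    lib.pcap_geterr.argtypes = [ctypes.c_void_p]
    lib.pcap_freecode.argtypes = [ctypes.POINTER(BpfProgram)]
    lib.pcap_close.argtypes = [ctypes.c_void_p]
    return lib

def check_filters(expressions):
    """Map each expression to (accepted, error_text); None if libpcap is missing."""
    lib = load_pcap()
    if lib is None:
        return None
    handle = lib.pcap_open_dead(DLT_EN10MB, 65535)  # "dead" handle: compile only
    results = {}
    for expr in expressions:
        prog = BpfProgram()
        rc = lib.pcap_compile(handle, ctypes.byref(prog), expr.encode(),
                              1, PCAP_NETMASK_UNKNOWN)
        err = "" if rc == 0 else lib.pcap_geterr(handle).decode(errors="replace")
        if rc == 0:
            lib.pcap_freecode(ctypes.byref(prog))
        results[expr] = (rc == 0, err)
    lib.pcap_close(handle)
    return results

if __name__ == "__main__":
    samples = ["tcp port 80", "host 10.0.0.1 and not arp", "vlan 100"]  # constructed
    for expr, (ok, err) in (check_filters(samples) or {}).items():
        print(("OK    " if ok else "FAIL  ") + expr + ("" if ok else "  -> " + err))
```

A filter reported as FAIL is rejected by the libpcap actually installed, whatever a man page from another system says.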