Ethereal-users: Re: [Ethereal-users] Re: Welcome to the "Ethereal-users" mailing list (Digest mo

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 14 Nov 2001 02:19:35 -0800

On Tue, Nov 13, 2001 at 10:55:41PM -0500, Bei Zhang (Robert) wrote:
> I'm pretty new to Ethereal, and now I have the following question:
> 
> ethereal -f host 10.0.1.11 and ip proto \tcp

That command is parsed as passing the word "host" as the argument to the
"-f" flag, and passing "10.0.1.11", "and", "ip", "proto", and "tcp" as
additional non-flag arguments.

Try

	ethereal -f "host 10.0.1.11 and ip proto \tcp"

> I just want to define capture filter
> from the commandline, since it should have the same syntax as tcpdump.

Perhaps it should, but it doesn't - you have to use "-f", and you have
to put the expression in quotes.

BTW, if you're defining the capture filter on the command line, you
might just want to start the capture from the command line while you're
at it; use the "-k" flag and, if you want an "Update list of packets in
real time" capture, use the "-S" flag as well (and if you're using the
"-S" flag and want it to scroll so that the most recently captured
packets are displayed, use the "-l" flag).
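
What the shell hands to the program for the two command lines in the message above, shown with a POSIX getopts loop. This is an added example, not part of the original message and not Ethereal's code; the function name parse_capture_args and the use of getopts as a stand-in for Ethereal's option parsing are assumptions. The unquoted form also loses the backslash before tcp, while double quotes keep it.

```shell
#!/bin/sh
# Stand-in for the option parsing of a capture tool (hypothetical helper,
# not Ethereal's own code). It accepts the flags named in the message:
# -f <filter>, -k, -S, -l.
# Output format: <argument given to -f>|<count of leftover args>|<leftover args>
parse_capture_args() {
    filter=""
    OPTIND=1
    while getopts "f:kSl" opt "$@"; do
        case "$opt" in
            f) filter=$OPTARG ;;   # -f consumes exactly ONE argv word
            *) ;;                  # -k, -S, -l take no argument
        esac
    done
    shift $((OPTIND - 1))          # drop the parsed options
    printf '%s|%s|%s\n' "$filter" "$#" "$*"
}

# Unquoted: the shell splits on spaces before the program ever runs, and
# removes the backslash, so -f gets only "host" and five words are left over.
parse_capture_args -f host 10.0.1.11 and ip proto \tcp

# Quoted: the whole expression is one argv word, and inside double quotes
# the backslash before "t" is preserved, so the filter keeps \tcp.
parse_capture_args -f "host 10.0.1.11 and ip proto \tcp"

# Quoted, combined with the capture-start flags mentioned in the message.
parse_capture_args -k -S -l -f "host 10.0.1.11 and ip proto \tcp"
```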