Ethereal-users: [Ethereal-users] RE: Packet capture doesn't work?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Thu, 7 Mar 2002 17:52:47 -0800
Looks like I've answered my own question...
The udp abbreviation "udp" works while the long form "ip proto udp"
generally doesn't work.
So:
"host foo and udp" works great, but "host foo and ip proto udp" causes a
parse error.

I just tested this on windump on NT4.0 and tcpdump on OpenBSD.  Looks like
things work exactly the same way in all those versions.  My bad, I guess I
didn't RTFM.  If someone could point me where to properly complain about
this lack of proper documentation in tcpdump I'll try to extricate my foot
from my mouth.  (Yes, I read the man page before posting or trying to write
a filter; it didn't help.  Trial and error were my only buddies on this one.)

However, I would still like to request someone update Q4.3 in the FAQ to
mention these types of issues... Why?  Because this problem was almost enough
to get me to forget about Ethereal, and start using MS NETMON and associated
tools instead.  Perhaps just pointing out a couple better sources of docs on
tcpdump than the man page would be enough.

-Bob
beby@xxxxxxxxxxxx
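
Added example, not part of the original post: the tcpdump man page notes that tcp, udp and icmp are also filter keywords and must be escaped with a backslash after "proto", which is why "ip proto udp" fails to parse while "udp" alone works. The Python sketch below (function names are hypothetical) flags the unescaped form in a capture filter and produces the escaped or numeric equivalent, plus a shell-quoted tcpdump command line.

```python
import re
import shlex

# Names that are valid after "proto" but are also filter keywords, so the
# pcap filter parser rejects them unless they are backslash-escaped
# (documented in the tcpdump man page).
PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA protocol numbers

# "proto" followed by a bare keyword name; an already escaped name
# (proto \udp) does not match because of the backslash.
BARE_PROTO = re.compile(r"\bproto(\s+)(icmp|tcp|udp)(?![\w.-])")


def find_bare_protos(expr):
    """Return (offset, name) for each keyword used unescaped after 'proto'."""
    return [(m.start(2), m.group(2)) for m in BARE_PROTO.finditer(expr)]


def escape_protos(expr):
    """Rewrite 'proto udp' as 'proto \\udp' so the filter compiles."""
    return BARE_PROTO.sub(
        lambda m: "proto" + m.group(1) + "\\" + m.group(2), expr)


def numeric_protos(expr):
    """Alternative fix: use the protocol number, which needs no escaping."""
    return BARE_PROTO.sub(
        lambda m: "proto" + m.group(1) + str(PROTO_NUMBERS[m.group(2)]), expr)


def tcpdump_command(expr):
    """Build a shell command line; quoting keeps the backslash from the shell."""
    return "tcpdump " + shlex.quote(escape_protos(expr))


if __name__ == "__main__":
    # Constructed sample filters; "foo" is the host name used in the post.
    for f in ["host foo and udp",
              "host foo and ip proto udp",
              "host foo and ip proto \\udp",
              "ip6 proto tcp or ip proto icmp"]:
        print(f"{f!r}: bare={find_bare_protos(f)} -> {tcpdump_command(f)}")
```

The single quotes in the generated command matter: without them the shell consumes the backslash before tcpdump sees it.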