On Thu, Jan 20, 2000 at 12:17:11PM -0600, Brian Capouch wrote:
>
>
> I just installed ethereal, first from a binary package I found on the
> net, and then from the source which I just built (ethereal 0.8.1, with
> GTK+ 1.2.6, with libpcap 0.4, with libz 1.1.3, without SNMP).
>
> In both cases, I have been unable to crack how to create new filters. I
> am a longtime user of tcpdump, and the behavior of ethereal is just like
> it in that respect, EXCEPT when I click on the "Filter" button, and get
> the filter dialog, clicking "NEW" doesn't cause a thing to happen.
>
> I have read the manpages and the FAQ. Certainly possible that I've
> missed it, but so far I'm stymied. And obviously, this program will be
> a lot more useful to me once I figure this out.
>
> Thanks in advance for any pointers hints or information.
>
> b.
The easiest way to create a display filter is to type it into
the box at the bottom of the main GUI. It's a text-entry box
to the right of the "Filter:" button, and to the left of the
"Reset" button. After typing it in, press ENTER to make it take
effect. These display filters follow the syntax described in the
Ethereal man page, *not* the tcpdump/libpcap syntax.
The filter "management" GUI works like this. Type in a name for
your filter, type in the filter itself, then press "New". After that
you can Save your filters to disk, and press OK to activate the currently
selected filter.
--gilbert