Ethereal-users: Re: [ethereal-users] Capture filter not working with tethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Mon, 21 Feb 2000 23:08:54 -0800
> Neither Ethereal nor Tethereal currently support command-line arguments
> other than flag arguments.  For invocations that start out doing a
> capture (Ethereal with the "-k" flag, Tethereal without the "-r" flag),
> perhaps if there's no "-f" flag, the command-line arguments should be
> treated as tokens in a packet filter expression, just as happens with
> tcpdump and snoop.

I've just checked in a change to Tethereal to support that; capture or
read filters can either be specified with "-f" and "-R" flags,
respectively, or as additional non-flag command line arguments, as is
the case with tcpdump or snoop, so you can, for example, do

	tethereal host www.sun.com

to do a capture that sees only packets going to or from "www.sun.com",
or do

	tethereal -r my_capture.pcap ip.addr == 128.1.2.3

to read the capture file "my_capture.pcap" and see only packets going to
or from the IP address 128.1.2.3.

(Note that if any of the tokens in the capture or display filter contain
shell meta-characters, they'll still have to be put in quotes.)