Ethereal-users: Re: [ethereal-users] Filters in Ethereal...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 2 Oct 2000 14:43:09 -0700 (PDT)
> Hello, I want see only the packages TCP and SMTP transmited between 2 
> computers, 200.13.110.240 and 200.13.110.241 for example. Somebody know how 
> I do that???.

When capturing traffic, or when looking at traffic you've already
captured?

When capturing traffic, you use tcpdump-style filters; the filter would
be

	host 200.13.110.240 and 200.13.110.241 and port smtp

That will keep Ethereal (or Tethereal, or tcpdump, or...) from even
seeing any traffic other than the SMTP traffic between those two
machines.

When looking at traffic you've already captured, you use Ethereal-style
display filters; if you've already captured traffic that includes
packets other than SMTP traffic between those two machines, and you want
to see only the SMTP traffic between those machines, the filter would be

  ip.addr == 200.13.110.240 and ip.addr == 200.13.110.241 and tcp.port == 25