Wireshark · Ethereal-users: Re: [ethereal-users] Filters in Ethereal...

Ethereal-users: Re: [ethereal-users] Filters in Ethereal...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>

Date: Tue, 3 Oct 2000 08:36:48 -0400

On Mon, Oct 02, 2000 at 04:03:40PM -0600, Gerardo Ibarra Aranda wrote:
> Hello, I want see only the packages TCP and SMTP transmited between 2 
> computers, 200.13.110.240 and 200.13.110.241 for example. Somebody know how 
> I do that???.
> 
> Thank you.
> 
> Gerardo.

If the packets have already been captured and you are trying to
modify what is displayed on the screen, then you need a display filter of
the form:

ip.addr == 200.13.110.240 and ip.addr == 200.13.110.241 and (tcp or smtp)

If you're trying to capture only that type of traffic, then you need
a capture filter (in "tcpdump" syntax, which is really "libpcap" syntax,
but it's documented in the tcpdump manpage):

host 200.13.110.240 and host 200.13.110.241 and (tcp or port smtp)

--gilbert

References:
- [ethereal-users] Filters in Ethereal...
  - From: Gerardo Ibarra Aranda

Prev by Date: Re: [ethereal-users] decoding RTP packets
Next by Date: [ethereal-users] Ethereal on X sessions other than :0
Previous by thread: Re: [ethereal-users] Filters in Ethereal...
Next by thread: Re: [ethereal-users] ATM files
Index(es):
- Date
- Thread