> I am just beginning to use ethereal. When I first
> setup the filter and save it, I don't seem to pick up
> the packets that I tell it to filter. Can someone
> guide me through setting up a filter. Basically I have
> a IP address that I want to monitor.
This is probably more of an ethereal-users question than an ethereal-dev
question, so I'm redirecting it there.
I'm assuming that "...that I want to monitor" means that you want a
capture filter, i.e. you want to have Ethereal capture network traffic,
but only traffic to or from a particular host.
If so, the filter is
host {IP address or host name}
where "{IP address or host name}" is the IP address or host name of the
machine to or from which you want to see traffic, e.g.:
host 208.8.184.15
to see traffic to or from the IP address 208.8.184.15.
If you already have a capture file that includes more traffic than just
traffic to or from that host, and you've read in that capture file and
now want only to see the subset of traffic to or from that address, the
expression would be
ip.addr == {IP address or host name}
e.g.
ip.addr == 208.8.184.15