Wireshark · Ethereal-users: Re: [Ethereal-users] FAQ? (Filters)

Ethereal-users: Re: [Ethereal-users] FAQ? (Filters)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gilramir@xxxxxxxxx>

Date: Thu, 22 Mar 2001 12:35:05 -0600

Ted Wagner wrote:
> 
> 
> Example, I'd like to be able to watch packets going to TCP port 1601 on a specific machine...
> 
> Here's what I have tried from reading the documentation:
> 
> ip and tcp.port == 1601
> (ip and tcp.addr == 126.1.1.2) and tcp.port == 1601

Addresses exist in the IP protocol, not in the TCP protocol, so your
filter
would be:

ip.addr == 126.1.1.2 and tcp.port == 1601

The documentation has a list of the fields that each protocol has.


> etc.
> 
> Is there a FAQ I can read that would talk about filters and the different options/commands, etc.?
> 

Nope, just the main Ethereal documentation.
Ethereal does have a GUI filter creation option. Choose the "Add
Expression"
button in the filter dialogue box.


--gilbert

References:
- [Ethereal-users] FAQ? (Filters)
  - From: Ted Wagner

Prev by Date: Re: [Ethereal-users] FAQ? (Filters)
Next by Date: [Ethereal-users] Is it possible to detect wingate
Previous by thread: Re: [Ethereal-users] FAQ? (Filters)
Next by thread: [Ethereal-users] Filters (some clarification)
Index(es):
- Date
- Thread