On Fri, Jul 06, 2001 at 05:54:51PM -0700, Anthony Abby wrote:
> Sorry to bother you all again, but could someone
> explain what I did wrong with this tethereal
> statement?
You didn't put the argument to "-f" in quotes.
In the command
> /usr/sbin/tethereal -c 0 -f ip host 192.168.1.3 -i
> eth0 -t ad -w /root/ethereal-caps/test
the argument to the "-f" flag is just "ip" - the standard command-line
argument parsing code on UNIX-flavored OSes (such as Linux) assumes that
the *next* token on the command line is the argument to a command-line
flag that takes an argument; that code does not attempt to infer that
you really meant to make "ip host 192.168.1.3" the argument.
Try
tethereal -c 0 -f "ip host 192.168.1.3" -i eth0 -t ad -w /root/ethereal-caps/test
instead, or try
tethereal -i eth0 -w /root/ethereal-caps/test ip host 192.168.1.3
as
1) "-c 0" is meaningless - it would mean "stop after capturing
no packets", which is pointless, so a packet count of 0 means
"keep capturing until interrupted", but that's the default,
so there's no need to supply "-c 0";
2) "-t" only applies if Tethereal is *printing* packets rather
than saving them to a file, and you're using the "-w" flag to
save them to a file, so "-t ad" does nothing and can be
omitted in your example;
3) any command-line arguments after the command-line flags are
concatenated and used as a capture filter if you're
capturing, so you can just put the filter at the end.