Gee, it looks like the feature got added and I missed the notification!
(Anyone know when it got added, It must have only been in the last one or
two releases, I'm sure it wasn't working in 0.8.14)
-----Original Message-----
From: Guy Harris [mailto:gharris@xxxxxxxxx]
Sent: Tuesday, 4 September 2001 7:42 AM
To: Visser, Martin (SNO)
Cc: 'Frank Kim'; ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Sniffer Pro vs Ethereal
On Mon, Sep 03, 2001 at 12:46:19PM +0800, Visser, Martin (SNO) wrote:
> Unfortunately Ethereal can't quite do this either. So, please write the
code
> to do this!(it has been noted more than once on the development list that
> this feature is needed.)
Are you talking about capture filters or display filters?
For capture filters, there's no convenient syntax offered by libpcap at
present, but you can do something such as
ip[12:4] & 0xffffff00 == 0x0a0a0a00
to check for source addresses in 10.10.10.0/24, and something such as
ip[16:4] & 0xffffff00 == 0x0a0a0a00
to check for destination addresses in 10.10.10.0/24, so to test for
packets either coming from or going to that network, do
(ip[12:4] & 0xffffff00 == 0x0a0a0a00) || (ip[16:4] & 0xffffff00 ==
0x0a0a0a00)
For display filters, we now support CIDR-style addresses in filters, so
ip.addr == 10.1.2.0/24
should match packets coming from or going to the 10.1.2.0/24 network.
Martin Visser
Network Consultant - Compaq Global Services
Compaq Computer Australia
410 Concord Road
Rhodes, Sydney NSW 2138
Australia
Phone: +61-2-9022-5630
Mobile: +61-411-254-513
Fax:+61-2-9022-7001
Email:martin.visser@xxxxxxxxxx