On Tue, Jun 18, 2002 at 12:37:14PM -0500, Nancy Miaw wrote:
> I worked with Cisco Systems on Packetcable project, I have downloaded
> Ethereal in our lab and tried to use it as a COPS analyzer. However, I have
> problem to use filter to set COPS protocol. I can use scr and dst ip
> address to get TCP packets but not COPS. Can any one show me how to filter
> COPS messages?
libpcap filters (Ethereal uses libpcap - or, on Windows, the WinPcap
port of libpcap - to capture packets, so its capture filter capabilities
are those of libpcap) can test for specific TCP or UDP port numbers; the
Ethereal COPS dissector indicates that the default port number is 3288.
The filter
tcp port 3288
will capture traffic to or from TCP port 3288, and no other traffic.
If COPS traffic is using some other port number, you would have to use
that port number in the "tcp port" expression; if more than one port
number is being used, you'd have to combine the filters, e.g.
tcp port 3288 or tcp port 7077 or tcp port 31337
This will, unless you also add filters for IP addresses, capture all
traffic to or from those port numbers, so it might capture non-COPS
traffic.