Ethereal-users: Re: [Ethereal-users] Display/Match problem - frame[x]

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 23 Jul 2002 13:41:06 -0700
On Tue, Jul 23, 2002 at 01:09:25PM +0200, Martin Regner wrote:
> I have similar behaviour for both Ethereal 0.9.1 and 0.9.3.  I have
> not tried with the latest version (0.9.5).

You *should* try it with 0.9.5, because the bug that caused the octet
length to be left out of constructed "frame[]" filters was fixed in
either 0.9.4 or 0.9.5 (I forget which).

*However*, note that there's still no *guarantee* that it'll match.

Lines in the protocol tree pane (second pane) might, or might not, have
a "named field" associated with them.

The IP source address line has the named field "ip.src" associated with
it, so "Match" and "Prepare" can construct expressions that test the
value of that field.

The SNMP community line, however, doesn't have a named field associated
with it, so "Match" and "Prepare" can't construct expressions that test
the value of that field - they only construct expressions that match
bytes at a particular offset from the beginning of the packet, so if,
for example, the IP header of some SNMP request other than the one on
which you did "Match" or "Prepare" has options in it, the expression
won't match the community field.