Hello,
Thank you very very much for your reply.
It was quite illuminating.
Regards,
Vlasis.
Αναφορά σε... Guy Harris <guy@xxxxxxxxxx>:
> On Wed, Jul 24, 2002 at 04:58:32PM +0300,
> vhatz@xxxxxxx wrote:
> > I am using Ethereal on Windows to capture
> H.323
> > traffic. I am having problems with the syntax
> of
> > filtering commands. For example, if I want to
> monitor
> > all messages of the H.225 protocol, should I
> use:
> >
> > proto h225
> >
> > in the start capture window in the filter box?
>
>
> No.
>
> There are, as noted in the other reply, two
> separate filtering
> mechanisms in Ethereal:
>
> the filter mechanism used when capturing
> packets, which uses the
> libpcap/WinPcap library;
>
> the filter mechanism used to select packets
> from a completed
> capture.
>
> The first filter mechanism, which is what's used
> in the capture dialog,
> is limited in its capabilities. It cannot, for
> example, detect
> arbitrary protocols; it doesn't look past the
> TCP or UDP headers, for
> example.
>
> So if you want a *capture* filter that selects
> only H.225 protocols, you
> would have to express that as a filter
> expression that looks at, for
> example, TCP and UDP port numbers.
> Unfortunately, H.225 protocols don't
> use standard port numbers, so you'd have to find
> out what port numbers
> will be used for the traffic you're trying to
> capture, and specify those
> port numbers (no, I don't know how to find out
> those port numbers).
>
> The other reply to your message says how to
> specify a filter to select
> packets from a completed capture; that may be
> all you can do.
>