On Thu, Jul 25, 2002 at 05:38:48PM +0100, Brown, James wrote:
> I'm trying to do a packet sniff of a MS Netmeeting conversation with 3
> users, so I need to filter between multiple hosts, based on their IP
> addresses.
>
> Unfortunately, I can't find any way of doing this in ethereal and I've tried
> the following filter:
>
> "host 147.52.12.131 AND host 147.51.13.243"
>
> but I receive a parse error.

Well, first of all, it's "and", not "AND"; "and" will work, "AND" will
give you a parse error.

I assume you didn't put the quotation marks in the "Filter:" field in
the dialog box, as quotation marks are needed only on the command line
(and are processed by the command interpreter on UNIX, and either by the
command interpreter or the C startup code, I'm not sure which, on
Windows, so that Ethereal, Tethereal, tcpdump/WinDump, etc. don't see
them). If you put the quotation marks in the dialog box, that'll give
you a parse error.

Putting

    host 147.52.12.131 and host 147.51.13.243

into the "Filter:" field (no quotes, lower-case "and") will filter out
packets that aren't IP packets between those two IP addresses (i.e., the
only packets it'll capture are packets where

    either the source or destination IP address is 147.52.12.131

and

    either the destination or source IP address is 147.51.13.243

).
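
Added example, not part of the original message: a shell sketch that extends the two-host filter above to the three-party case from the question by OR-ing one "host A and host B" clause per pair, and that checks a string for the two mistakes discussed (quotation marks, upper-case keywords) before it is pasted into the "Filter:" field. The function names and the third address (192.0.2.10) are constructed for illustration, and treating "OR" and "NOT" like "AND" is an assumption beyond what the message states.

```sh
#!/bin/sh
# Build a capture filter that matches traffic between any pair of the
# given hosts: one parenthesised "host A and host B" clause per pair.
pairwise_host_filter() {
    filter=""
    while [ "$#" -gt 1 ]; do
        a=$1
        shift
        for b in "$@"; do
            clause="(host $a and host $b)"
            if [ -z "$filter" ]; then
                filter=$clause
            else
                filter="$filter or $clause"
            fi
        done
    done
    printf '%s\n' "$filter"
}

# Check text destined for the "Filter:" dialog field. Returns non-zero
# if it contains quotation marks (only the command line needs those) or
# an upper-case AND/OR/NOT keyword.
check_filter_field() {
    case $1 in
        *\"*|*\'*)
            echo "remove the quotation marks; they are only for the command line" >&2
            return 1 ;;
    esac
    # Turn parentheses into spaces so "(NOT" is still seen as a word.
    padded=" $(printf '%s' "$1" | tr '()' '  ') "
    case $padded in
        *" AND "*|*" OR "*|*" NOT "*)
            echo "use lower-case and/or/not" >&2
            return 1 ;;
    esac
    return 0
}

# Two addresses from the thread plus one constructed sample address.
f=$(pairwise_host_filter 147.52.12.131 147.51.13.243 192.0.2.10)
check_filter_field "$f" && printf '%s\n' "$f"

# On the command line the quotes are required (the parentheses and spaces
# would otherwise be interpreted by the shell) and are consumed before the
# sniffer sees its arguments:
#   tcpdump -n "$f"
```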