Yuxiao Jia wrote:
> 1. If I use tethereal, how can I only parse these two fields (packet identification and timestamp)? Can I? I tried a lot; if I use the -V option, there are too many fields.
It is possible to add a certain field to the summary output by using the "-z,proto,colinfo" option,
see the man-page for tethereal.
C:\Program\Ethereal>tethereal -z "proto,colinfo,ip.id,ip.id"
13.076541 10.10.10.23 -> 10.10.41.32 HTTP HTTP/1.1 304 Not Modified ip.id == 0x0367 80 1195
It is also possible to configure what columns should be visible in the summary printout by using the "-o" option
to set the column.format preference value.
C:\Program\Ethereal>tethereal -z "proto,colinfo,ip.id,ip.id" -o "column.format: Frame, %m, time, %t, Proto, %p, Info, %i"
It seems that you have to have the info-column in order to get the "-z proto,colinfo" fields printed out.
> 2. The capture filter syntax cannot work for me. I read tcpdump(8); for example, I want to capture filter all traffic whose destination port is 6000:
> ./tethereal -i eth0 -t a -f 'dst port 6000'
> It does not work.
Instead of using:
'dst port 6000'
you should use
"dst port 6000"
./tethereal -i eth0 -t a -f "dst port 6000"
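
An added example, not part of the original message: a small shell filter that reduces the summary output shown above to just the timestamp and the ip.id value, which is what question 1 asks for. The function names and the second and third sample lines are constructed for illustration; it assumes colinfo appends "ip.id == 0x...." to the Info column and that the timestamp column position is known (column 1 by default, column 2 if a frame-number column is placed first as in the column.format example).

```sh
# Added example: keep only "timestamp ip.id" from tethereal summary lines.
# Argument 1 (optional): which whitespace-separated column holds the
# timestamp. Defaults to 1, matching the sample output line above.
extract_id_ts() {
    ts_col="${1:-1}"
    awk -v ts="$ts_col" '{
        # Look for the three tokens "ip.id", "==", "<value>" anywhere in
        # the line; the Info text before them varies per protocol.
        for (i = 1; i + 2 <= NF; i++) {
            if ($i == "ip.id" && $(i + 1) == "==") {
                print $ts, $(i + 2)
                next
            }
        }
        # Lines with no ip.id (for example ARP frames) print nothing.
    }'
}

# Sample input: the first line is the output line quoted in the reply,
# the other two are constructed for this example.
sample_lines() {
    cat <<'EOF'
13.076541 10.10.10.23 -> 10.10.41.32 HTTP HTTP/1.1 304 Not Modified ip.id == 0x0367 80 1195
13.080112 00:0c:29:aa:bb:cc -> ff:ff:ff:ff:ff:ff ARP Who has 10.10.10.1? Tell 10.10.10.23
13.091877 10.10.41.32 -> 10.10.10.23 TCP 1195 > 80 [ACK] Seq=1 Ack=1 ip.id == 0x1a2b
EOF
}

# Usage against a live capture (same options as in the reply):
#   tethereal -z "proto,colinfo,ip.id,ip.id" | extract_id_ts
```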