Hello,
Suppose I have a frame like:
Frame 363 (90 on wire, 90 captured)
Arrival Time: Jun 4, 2003 18:16:20.623654000
Time delta from previous packet: 0.002625000 seconds
Time relative to first packet: 13.375884000 seconds
Frame Number: 363
Packet Length: 90 bytes
Capture Length: 90 bytes
IEEE 802.11
Type/Subtype: Data (32)
Frame Control: 0x0108
Version: 0
Type: Data frame (2)
Subtype: 0
Flags: 0x1
DS status: Frame is entering DS (To DS: 1 From DS: 0) (0x01)
.... .0.. = Fragments: No fragments
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = WEP flag: WEP is disabled
0... .... = Order flag: Not strictly ordered
Duration: 258
BSS Id: 00:02:2d:0d:fc:5b (Agere_0d:fc:5b)
Source address: 00:02:2d:20:e1:d0 (Agere_20:e1:d0)
Destination address: 00:02:2d:0d:fc:5b (Agere_0d:fc:5b)
Fragment number: 0
Sequence number: 2090
Logical-Link Control
DSAP: SNAP (0xaa)
IG Bit: Individual
SSAP: SNAP (0xaa)
CR Bit: Command
Control field: U, func = UI (0x03)
000. 00.. = Unnumbered Information
.... ..11 = Unnumbered frame
Organization Code: Unknown (0x00601d)
Protocol ID: 0x0001
Data (58 bytes)
If I want to specify a filter in tethereal in such a way that it will filter out packets where Frame Type matches "data", along with some more fields of the header, what is the syntax? How do I specify that?
If I specify:
[vaidehi@base-station log]$ tethereal -i eth2 -f 'wlan.fc.type_subtype eq 0x08' -V
I get an error:
tethereal: Unable to parse filter string (parse error).
Can anybody guide me in writing rules to filter out packets based on certain header information? I am interested in the syntax. Any document describing the filters, or examples of filters, would also be useful.
Thanks
-Vaidehi