On Friday, June 20, 2003, at 12:00AM, Ka K. Lor wrote:
> I am doing a project on Ethereal and trying to write a manual for it
> using my understanding....
> I downloaded WinPcap 3.0 and Ethereal to install on my Windows XP.
> After installing it, if I click on capture....it will pretend like it will
> capture something..but nothing will be captured...I don't know how to
> define the filter or initial filter to start with...

Try starting with *nothing* as the filter - leave the "Filter:" field
blank. If it doesn't capture any packets, adding a filter won't help -
a filter only *reduces* the number of packets captured (it "filters
out" some packets and discards them), it can't cause *more* packets to
be seen than would be seen with no filter (which means "don't filter
out *any* packets"). If you're not seeing any packets, see
http://www.ethereal.com/faq.html#q5.1

> I need help with filters; after reading the given manual, I still don't
> understand how to define a filter under Ethereal on the Windows platform...

You define it the same way you define it on UNIX. See the
tcpdump/WinDump man page for the platform on which you're running
Ethereal; for WinPcap 3.0, for example, see
http://windump.polito.it/docs/manual.htm
Look for the section that begins with

    expression
        selects which packets will be dumped. If no expression is given, all
        packets on the net will be dumped. Otherwise, only packets for which
        expression is `true' will be dumped.
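
The rule quoted above (no expression keeps every packet, otherwise only packets for which the expression is true are kept) is sketched below as an added example that is not part of the original message or of Ethereal/WinPcap. It evaluates a small assumed subset of the tcpdump/WinDump expression syntax (tcp, udp, icmp, host, port, not, and, or) over constructed packet records; the function names and sample packets are hypothetical.

```python
# Constructed sample packets for illustration; not real capture data.
PACKETS = [
    {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.5", "sport": 49152, "dport": 80},
    {"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.10", "sport": 80, "dport": 49152},
    {"proto": "udp", "src": "192.0.2.10", "dst": "192.0.2.53", "sport": 49153, "dport": 53},
    {"proto": "icmp", "src": "192.0.2.77", "dst": "192.0.2.10", "sport": None, "dport": None},
]

def _primitive(tokens, pkt):
    """Evaluate one (possibly negated) primitive; return (result, remaining tokens)."""
    negate = False
    while tokens and tokens[0] == "not":      # negation binds tightest
        negate, tokens = not negate, tokens[1:]
    if not tokens:
        raise ValueError("filter ends where a primitive was expected")
    head = tokens[0]
    if head in ("tcp", "udp", "icmp"):
        result, rest = pkt["proto"] == head, tokens[1:]
    elif head in ("host", "port") and len(tokens) >= 2:
        if head == "host":
            result = tokens[1] in (pkt["src"], pkt["dst"])
        else:
            result = int(tokens[1]) in (pkt["sport"], pkt["dport"])
        rest = tokens[2:]
    else:
        raise ValueError(f"unsupported or incomplete primitive: {head!r}")
    return result != negate, rest

def matches(expression, pkt):
    """True if pkt would be kept by the filter expression."""
    tokens = expression.split()
    if not tokens:                            # blank filter: keep everything
        return True
    result, tokens = _primitive(tokens, pkt)
    while tokens:                             # and/or: equal precedence, left to right
        op, tokens = tokens[0], tokens[1:]
        if op not in ("and", "or"):
            raise ValueError(f"expected 'and' or 'or', got {op!r}")
        rhs, tokens = _primitive(tokens, pkt)
        result = (result and rhs) if op == "and" else (result or rhs)
    return result

def capture(expression, packets=PACKETS):
    """Return the packets a capture with this filter would keep."""
    return [p for p in packets if matches(expression, p)]

if __name__ == "__main__":
    for expr in ("", "tcp", "host 192.0.2.53", "tcp and port 80", "not tcp"):
        print(f"{expr!r:22} keeps {len(capture(expr))} of {len(PACKETS)} packets")
```

Every non-blank expression returns a subset of what the blank filter returns, so if the blank filter shows no packets, no expression will show any either.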