Ethereal-users: Re: [Ethereal-users] filter and counter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 22 Oct 2003 10:34:32 -0700
On Wed, Oct 22, 2003 at 02:20:54AM -0700, Suhail Hussain wrote:
> What kind of a filter should be used in Ethereal if one needs to find out the
> number of packets generated from a particular source to a particular
> destination.

A filter that compares the source and destination addresses, for
whatever protocol this is (Ethernet?  IPv4?  IPv6?  IPX?), against the
values you're interested in.

> Please let me know what string expression should be used

We can't do that without knowing what type of address it is.  If, for
example, it's IPv4, it'd be

	ip.src == 16.66.66.66 && ip.dst == 16.55.55.55

or something such as that (names can also be used).  However, for IPv6,
or Ethernet, or Token Ring, or IPX, or..., it'd be different.

> And is there a counter in Ethereal which will give the number of these
> packets.

Once you've filtered the packets, Ethereal 0.9.15 will show you that
count if you pop up the capture summary - select "Summary" from the
"Tools" menu, and look for "Packet count:" in the "Data in filtered
packets" section.