Ethereal-users: Re: [Ethereal-users] filtering

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Sat, 06 Dec 2003 15:32:54 -0600
Jason Martina wrote:
*/Hello, I'm new to this part of Ethereal. What I'm trying to do is remote in to certain servers and observe traffic. Now when I do it, of course there is huge traffic due to the remoting in via TCP port 3389. I want to filter that port out so I don't see all that traffic. How can this be done? I'm sure it's easier than it looks. I'm a quick learner; a good example should do it, thanks/*

This is done using a capture filter, which can be supplied on the command line or in the Capture Options dialog. Any of the following should work:

    not port 3389
    not host <your ip address>
    not (port 3389 and host <your ip address>)

Ethereal has the same capture filter syntax as tcpdump (they both use the same library for capturing). A complete description of this syntax can be found in the "expression" section of the tcpdump man page:

    http://www.tcpdump.org/tcpdump_man.html
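
Added example (not part of the original message, and not Ethereal or libpcap code): a simplified Python model of the three capture filters above, run over constructed sample packets to show which traffic each one hides. The addresses, packet labels and helper names are assumptions made for illustration.

```python
# Simplified model of the pcap-filter primitives used in the reply above.
# Not libpcap: only "port", "host", "not" and "and" are modelled.
from collections import namedtuple

Packet = namedtuple("Packet", "label src sport dst dport")

def port(n):
    # "port N" matches when either the source or the destination port is N
    return lambda p: n in (p.sport, p.dport)

def host(ip):
    # "host A" matches when either the source or the destination address is A
    return lambda p: ip in (p.src, p.dst)

def not_(f):
    return lambda p: not f(p)

def and_(f, g):
    return lambda p: f(p) and g(p)

# Constructed addresses (documentation ranges); ME is the remote administrator
ME, SERVER, OTHER_ADMIN, WEB_CLIENT = "192.0.2.10", "192.0.2.50", "192.0.2.77", "198.51.100.9"

# Constructed sample traffic as seen on the monitored server
PACKETS = [
    Packet("my RDP -> server", ME, 51000, SERVER, 3389),
    Packet("server -> my RDP", SERVER, 3389, ME, 51000),
    Packet("other admin RDP", OTHER_ADMIN, 52000, SERVER, 3389),
    Packet("my SMB to server", ME, 51001, SERVER, 445),
    Packet("web client", WEB_CLIENT, 40000, SERVER, 80),
]

FILTERS = {
    "not port 3389": not_(port(3389)),
    "not host ME": not_(host(ME)),
    "not (port 3389 and host ME)": not_(and_(port(3389), host(ME))),
}

def captured(filter_name):
    """Labels of the sample packets that the named filter lets through."""
    keep = FILTERS[filter_name]
    return [p.label for p in PACKETS if keep(p)]

if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:30} -> {captured(name)}")
```

Only the third filter removes the administrator's own RDP session while still capturing other hosts' RDP sessions and the administrator's non-RDP traffic.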