Hi Nadeem,
Capture filters and display filters use a different language. Capture
filters are not defined by Ethereal, but by libpcap (or WinPCap on MS
Windows). Display filters however are introduced by the Ethereal protocol
dissectors.
The capture mechanism of libpcap (or WinPCap on MS Windows) does not know a
filter expression named "cflow". If I remember correctly, cflow is netflow
and it runs by default on UDP port 2055. Hence you should use "udp port
2055" as *capture* filter. Should your cflow implementation use different
UDP ports, you can adapt the capture filter accordingly.
Regards,
Olivier
-----Original Message-----
From: Nadeem Lughmani
Hi All,
I have created a capture filter for cflow. When I click on capture start and
apply this filter I get the following error message:
"unable to parse capture filter (parse error) Interestingly enough, this
looks like a valid display filter. Are you sure you did not mix them up"
I don't have any display filter set. Does any one know whats going on here?
All I want is basically to capture cflow traffic and not others. Any help is
greatly appreciated.
Thanks
Nadeem
+++++++++++++++++++++++++++++++++
I am running ethereal version 0.9.16 compiled with GTK+ 1.3.0 with wincap
(version unknown) with libz 1.1.1