Ethereal-users: Re: [Ethereal-users] voip

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Thu, 25 Mar 2004 16:34:08 -0800 (PST)

Charles Dunkirk said:
> I was trying to file on just H.245 .h.323 and I was getting a message
> saying (I am going from fallible memory) it was defined wrong.
>
> If I want to monitor only h.323, rtp and h245 how do I enter it?

If by "monitor" you mean "capture traffic containing", you would either
have to

    1) find out the port numbers and specify them in a capture filter
       (capture filters are handled not by Ethereal, but by libpcap and/or
       the OS traffic capture mechanism - in OSes where it's handled by the
       native traffic capture mechanism, the packets aren't even copied to
       the application if they don't match the filter, which is a Good Thing
       as it cuts the CPU load of capturing, but it means that the filter has
       to be interpreted by the simple BPF interpreter, which simplifies the
       filter language enough that it's "safe" to interpret them in the OS
       kernel, but which also limits its ability to do complex filtering, to
       the point that it can't handle requests for traffic that has to be
       identified heuristically)

or

    2) capture with Tethereal and use a read filter.
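
The "simple BPF interpreter" described in option 1, sketched as an added example that is not part of the original message and is not libpcap or kernel code. The opcode names, the `bpf_run` and `match_tcp` helpers and the sample frame are constructed for illustration, and port 1720 (the well-known H.323 call-signalling port) stands in for a port number you have found out.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy classic-BPF-style interpreter (illustration only). Jumps are unsigned
   forward offsets, so a program of n instructions ends within n steps, and
   every packet load is bounds-checked: that is what makes it kernel-safe. */
enum { LD_H, LD_B, LDX_MSH, LD_H_IND, JEQ, RET };
struct insn { uint8_t op, jt, jf; uint32_t k; };

/* Returns the accept value of the program; 0 means drop the packet. */
uint32_t bpf_run(const struct insn *p, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0, x = 0;                     /* accumulator, index register */
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &p[pc];
        size_t off = (size_t)i->k + (i->op == LD_H_IND ? x : 0);
        switch (i->op) {
        case LD_H: case LD_H_IND:              /* 16-bit big-endian load */
            if (off + 2 > len) return 0;
            a = ((uint32_t)pkt[off] << 8) | pkt[off + 1]; break;
        case LD_B:                             /* 8-bit load */
            if (off + 1 > len) return 0;
            a = pkt[off]; break;
        case LDX_MSH:                          /* x = IPv4 header length */
            if (off + 1 > len) return 0;
            x = 4u * (pkt[off] & 0x0f); break;
        case JEQ: pc += (a == i->k) ? i->jt : i->jf; break;
        case RET: return i->k;
        }
    }
    return 0;                                  /* fell off the end: drop */
}

/* Hand-assembled "tcp port 1720" for Ethernet/IPv4 (fragment check omitted). */
static const struct insn tcp_port_1720[] = {
    { LD_H, 0, 0, 12 },     { JEQ, 0, 8, 0x0800 },  /* EtherType IPv4, else drop */
    { LD_B, 0, 0, 23 },     { JEQ, 0, 6, 6 },       /* protocol TCP, else drop */
    { LDX_MSH, 0, 0, 14 },
    { LD_H_IND, 0, 0, 14 }, { JEQ, 2, 0, 1720 },    /* source port */
    { LD_H_IND, 0, 0, 16 }, { JEQ, 0, 1, 1720 },    /* destination port */
    { RET, 0, 0, 65535 },   { RET, 0, 0, 0 },       /* accept / drop */
};

/* Runs the filter over a constructed frame: Ethernet + 20-byte IPv4 + TCP ports. */
uint32_t match_tcp(uint16_t sport, uint16_t dport)
{
    uint8_t f[38] = {0};
    f[12] = 0x08; f[14] = 0x45; f[23] = 6;      /* IPv4, IHL 5, TCP */
    f[34] = (uint8_t)(sport >> 8); f[35] = (uint8_t)sport;
    f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)dport;
    return bpf_run(tcp_port_1720, sizeof tcp_port_1720 / sizeof *tcp_port_1720, f, sizeof f);
}
```

The program can only compare fixed header fields against constants; it has no loops or state with which to recognise traffic heuristically, which is the limit the message describes.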