Ethereal-users: Re: [Ethereal-users] Capture filter syntax -- Help

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "David Bremer" <DAVEB@xxxxxxxxxxxxxx>
Date: Thu, 27 May 2004 08:43:09 +1200
I agree that the various docs that say "just read the tcpdump(8) man page" are a cop-out (as in FAQ 5.11, http://www.ethereal.com/faq.html#q5.11). I find the syntax bloody difficult and the tcpdump man page one of the worst places to go to when trying to make a new capture syntax.

I keep coming back to this page http://home.insight.rr.com/procana/

I've just got hold of the new Syngress book "Ethereal Packet Sniffing" by Angela Orebaugh and while it's a little light in the stuff I was after, the chapter on capture filters looks good.

Your mileage may vary with that book - it's a well-written introduction to using Ethereal - I was after something that advanced my interpretation of the captures rather than how to use it. Something that would work through numerous capture examples pointing out common network problems, especially the graphing and stats areas - that book is still to be written I think. This book does a good job of introducing you to its use.

Regards
Dave

>>> patux@xxxxxxx 26/05/04 21:40:08 >>>
Hi. I work with 2 computers: the server that runs under Linux, and a client
running WinXP.
I want to sniff all the MSN Messenger packets, but I cannot make the right
syntax for the capture filter. I cannot let Ethereal go without filters
because the WinXP machine is running eMule, and the amount of packets is
really big.
Where can I find a manual for the capture filters that is easier to understand
than the man page (of Ethereal or tcpdump)?

Thanks
