Ethereal-users: Re: [Ethereal-users] Filtering

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "David Bremer" <DAVEB@xxxxxxxxxxxxxx>
Date: Fri, 04 Jun 2004 08:47:25 +1200
The FAQ refers you to the tcpdump(8) man page on capture filters - which
is *NOT* helpful (as in the FAQ 5.11
http://www.ethereal.com/faq.html#q5.11). I find the syntax bloody
difficult and the tcpdump man page one of the worst places to go to when
trying to make a new capture syntax.

I keep coming back to this page http://home.insight.rr.com/procana/

The new Syngress book "Ethereal Packet Sniffing" by Angela Orebaugh has
quite a good chapter on capture filtering.

For your situation you are talking about a capture filter - try "!host
10.100.0.124" or "not host 10.100.0.124".
BUT - if you already have a capture and want to eliminate your own IP
then check out the display filter - try "ip.addr != 10.100.0.124".

With both examples - no quotes, and replace the address with your own
;-)

The syntaxes for filtering during capture (capture filter) and filtering
post-capture (display filter) are very, very different.

Regards
Dave

>>> gatyo@xxxxxxxxxxx 3/06/04 20:43:35 >>>
Hi,

I searched the whole documentation and I can't find how to filter the
packets so my IP isn't showing, but all others are... I don't want to see
my IP in the captured list. Can you tell me what filter I should put?

Thanks
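
What the capture filter suggested in the reply, `not host 10.100.0.124`, selects: a packet is kept only when neither its source nor its destination is that address. This is an added example, not part of the original thread or of Ethereal; the helper names and the three sample packets are constructed for illustration, and it only inspects IPv4 over Ethernet (the real filter also checks ARP/RARP addresses).

```python
import socket
import struct

OWN_IP = "10.100.0.124"  # address used in the post

def frame(src, dst):
    """Constructed Ethernet + IPv4 frame (20-byte header, no payload, checksum 0)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip

def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def not_host(pcap, host):
    """Return (src, dst) of the IPv4 packets that `not host <host>` would keep."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    kept, off = [], 24
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        data = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(data) < 34 or data[12:14] != b"\x08\x00":
            continue  # non-IPv4 or truncated frame: out of scope for this sketch
        src = socket.inet_ntoa(data[26:30])
        dst = socket.inet_ntoa(data[30:34])
        if host not in (src, dst):  # "host" matches either direction
            kept.append((src, dst))
    return kept

# Constructed sample capture: outbound, inbound, and unrelated traffic.
SAMPLE = build_pcap([
    frame(OWN_IP, "192.0.2.10"),
    frame("192.0.2.10", OWN_IP),
    frame("192.0.2.10", "198.51.100.7"),
])

if __name__ == "__main__":
    print(not_host(SAMPLE, OWN_IP))
```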