Ethereal-users: Re: [Ethereal-users] couple of questions( dynamic capture filtering, applicatio

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 28 Jan 2005 12:58:02 -0800
Raghavendra Thodime wrote:

1. When I direct verbose (./tethereal -V) output to a
file, it prints the whole protocol tree (including
MAC, IP, and transport headers) after decoding the fields.
Is there any way I can specify to get only application
level packets (http, sip, etc.) in decoded format?

No - there's no mechanism in the Ethereal dissection code (used both by Ethereal and Tethereal) to prevent particular protocols from being put into the protocol dissection at all, and there's currently no mechanism in Tethereal to specify that the full tree shouldn't be printed for some protocols in "-V" mode.

2. Is there any interface where I can dynamically
change the capture filter through some script while
tethereal is running?

No - Tethereal doesn't include any code to change the filter on a capture it's doing (so there's no way for some script to make it do so).

Note that even if such a mechanism existed, changing the filter might cause packets that passed the old filter but that haven't yet been read by the application to be discarded regardless of whether they'd pass the new filter or not, as that's the way libpcap works on some OSes (in some cases that's the way the underlying OS capture code works, and on others libpcap works that way so that applications that expect not to see packets that don't pass the new filter after the new filter is installed don't get those packets anyway).
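
Added example, not part of the original message or of Ethereal's code: because Tethereal cannot leave the lower layers out of "-V" output itself, the text can be filtered after it is written. This Python script assumes that each protocol section starts with an unindented header line, that its fields are indented, and that packets are separated by blank lines; the function name, the prefix list and the sample dump are constructed for illustration.

```python
import sys

# Assumption: prefixes of the unindented "-V" section headers to drop.
LOWER_LAYERS = ("Frame ", "Ethernet", "Internet Protocol",
                "Transmission Control Protocol", "User Datagram Protocol")

# Constructed sample of "-V" text (not real capture data).
SAMPLE = r"""Frame 1 (128 bytes on wire, 128 bytes captured)
    Frame Number: 1
Ethernet II, Src: 00:00:5e:00:53:01, Dst: 00:00:5e:00:53:02
Internet Protocol, Src Addr: 192.0.2.1, Dst Addr: 192.0.2.2
Transmission Control Protocol, Src Port: 1025, Dst Port: 80
    Source port: 1025
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
    Host: example.com\r\n

Frame 2 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:00:5e:00:53:02, Dst: 00:00:5e:00:53:01
Internet Protocol, Src Addr: 192.0.2.2, Dst Addr: 192.0.2.1
Transmission Control Protocol, Src Port: 80, Dst Port: 1025
    Source port: 80
"""

def app_layers_only(text, drop=LOWER_LAYERS):
    """Return the dump with lower-layer sections removed, one block per packet."""
    packets, current = [], []
    for line in text.splitlines() + [""]:      # trailing "" flushes the last packet
        if line.strip():
            current.append(line)
        elif current:                          # blank line ends a packet
            packets.append(current)
            current = []
    out = []
    for pkt in packets:
        kept, keep = [], False
        for line in pkt:
            if not line[0].isspace():          # unindented line opens a new section
                keep = not line.startswith(drop)
            if keep:
                kept.append(line)
        if kept:                               # skip packets with no upper-layer data
            header = [pkt[0]] if pkt[0].startswith(drop) else []
            out.append("\n".join(header + kept))
    return "\n\n".join(out)

if __name__ == "__main__":
    print(app_layers_only(sys.stdin.read()))
```

Pipe the output of ./tethereal -V into the script on standard input; packets that carry nothing above the transport layer, such as the bare TCP segment in the sample, are omitted entirely.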