["Visser, Martin" <martin.visser@xxxxxx>]

Michael,

 

To find out what display filters are available, click on the "_expression_..." menu item on the Filter Toolbar.

 

I'm not sure what you mean by your 2nd question. The string  "nbns or nbp or nbss or ncp or ndmp or netbios" is a valid single search string. (Note that ncps isn't a valid protocol). You can just apply this as a display filter. If you what you are alluding is to there a single word that encapsulates all those protcols the answer is no. You can however save any filter string by clicking on the "Filter:" button.

 

Michael just gave me a thought though - how about we have a way of using the saved filter string within subsequent filters. This way you can use the saved filter as an abbreviation (like a #define) that could be referenced say with a "filter:xxx" designation. For instance I have saved a filter called "tcpstart" which is defined as "tcp.flags.syn == 1 && tcp.flags.ack == 0". What would be great is to be able in subsequent filters type something like "ip.addr==192.168.222.0/24 && filter:tcpstart". Any takers?

 

Martin

 

 

Martin Visser, CISSP
Network and Security Consultant
Consulting & Integration
Technology Solutions Group - HP Services

410 Concord Road
Rhodes NSW  2138
Australia

Mobile: +61-411-254-513
Fax: +61-2-9022-1800    
E-mail: martin.visserAThp.com

This email (including any attachments) is intended only for the use of the individual or entity named above and may contain information that is confidential, proprietary or privileged. If you are not the intended recipient, please notify HP immediately by return email and then delete the email, destroy any printed copy and do not disclose or use the information in it.

 

---

From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Michael Palmieri
Sent: Monday, 2 May 2005 9:14 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Building Custom Filter Strings

Hi thanks for responding!

would u happen to know if their is a way to search for multiple protocols using etheral.

I like to beable to search for the following protocols in one search string

nbns or nbp or nbss or ncp or ndmp or ncps or netbios

 

thanks

 

>From: Guy Harris <gharris@xxxxxxxxx> >Reply-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx> >To: Ethereal user support <ethereal-users@xxxxxxxxxxxx> >Subject: Re: [Ethereal-users] Building Custom Filter Strings >Date: Sun, 01 May 2005 13:17:31 -0700 > >Michael Palmieri wrote: >>Using Etheral GUI Win32 Binary >>Can some one tell me if their is a way to build custom strings that >>will enable me to search for multiple protocols. >> IE: Looking for all traffic for protocols NBNS NBP NBSS NCP >>NDMP NCPS Netbios > > nbns or nbp or nbss or ncp or ndmp or ncps or netbios > >(if those are the names for the protocols in question) will, as a >display filter, select packets that have any of those protocols. > >_______________________________________________ >Ethereal-users mailing list >Ethereal-users@xxxxxxxxxxxx >http://www.ethereal.com/mailman/listinfo/ethereal-users