Ethereal-users: Re: [Ethereal-users] Capture filter for all HTTP/S based traffic

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Jack Jackson <jack@xxxxxxxxxxxxxxx>
Date: Thu, 15 Sep 2005 00:08:09 -0700
At 11:55 PM 9/14/2005, Walters, Adam S wrote:


Hi,
I am looking for some assistance with the Ethereal app. I am running it on a service which handles multiple data streams. I am only interested in filtering HTTP based traffic but cannot provide a valid filter for this option.
I have tried filters such as the following, however all return a "Invalid capture filter" error message. 

http.request.method == "POST"
http contains "xxxxxx.com"
http contains xxxxxx.com
http.request contains "xxxxxx.com"
http.request "xxxxx"
http.request xxxxx
Ideally I would like to configure Ethereal to provide me with a list of all HTTP requests with the destination DNS/URL.
Ethereal has two kinds of filters, capture filters which are processed by the capture mechanism, and display filters, which are processed by Ethereal, and the syntax of the two is very different. You have used the display filter syntax for a capture filter.
Capture filters are very simplistic, because they are executed in the kernel. You can exclude all but http with "tcp port 80" (assuming that the http is on port 80).