Jemiolo, John wrote:
With all built in(display) protocol filters selected, I can see the LAST
protocol used by DEC Infoservers, If I deselect all the filters, the
packets are not decoded and are displayed as �unknown�.
There are no built-in filters. Do you mean "protocols"? I.e., are you
referring to de-selecting all protocols in Analyze -> Enabled Protocols?
If so, then if you de-select all of them, you've deselected *all* of
them - including Ethernet, so Ethereal/Wireshark won't even dissect the
Ethernet header, so it'll display *all* Ethernet packets as unknown.
Going through
the protocol list, I do not see the LAST protocol (0x8041) listed
anywhere.
That's because we don't have a dissector for it; we just have its
Ethernet type associated with the protocol name.
My question is if I want only packets using the LAST
protocol displayed, which protocol from the list should be enabled?
If you want only packets using a protocol displayed, you need a display
filter. Analyze -> Enabled Protocols does *NOT* control filters; it
controls whether Ethereal/Wireshark will dissect a protocol at all -
it'll display packets regardless of whether there are dissectors for all
the protocols in them or not.
If you want to display only protocols with a given Ethernet type in an
Ethernet capture (Ethernet types are used in non-Ethernet link-layer
protocols as well, e.g. in 802.x protocols using SNAP), you would use a
filter "eth.type == {type value}, e.g. "eth.type == 0x8041".
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users