In sniffer pro, I've had success by specifying two conditions joined by an OR statement for the filter.
Each condition is specified by selecting the Data Pattern tab of the Define Filter dialog box and specifying appropriate offsets and data patterns. For the case where you need to specify the source ip address, I'd use an offset of 1A and fill in as many hex digits as it takes to uniquely define the subnet. For the case where you need to specify the destination ip address, I'd use an offset of 1E and fill in as many hex digits as it takes to uniquely define the subnet. Note: if you're looking at an existing capture featuring traffic to or from a specific host on the target subnet, you can use the data window in the same tab to speed things up slightly by selecting the line of the decode containing the address, clicking the set data button, and deleting the characters in the pattern window which distinguish the host from the subnet (generally, staring from the right: in the case of /24 masks, you'd eliminate the value in column 3, corresponding to the last octet/2 Hex digits). I don't remember the vendor-specific info for etherpeek, but the fundamentals are the same. HTH ----- Original Message ----- From: "supernet" To: Sent: Friday, April 12, 2002 12:42 AM Subject: traffic analyzer [7:41267] > Hi Dear Friends, > > I have 1 branch office connected to main office by frame relay. I > noticed a lot of traffic across this link and would like to find out > what they are. The problem is I don't have access to the branch office, > therefore, everything has to be done in main office. I tried sniffer > pro, etherpeek and anasil but they only allow me to specify a particular > source IP, not the whole branch office subnet. Is there any other > software I can use? > > Thanks. > Yoshi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41275&t=41267 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
