now wait....

if all he wants to do is sniff certain source and destination addresses,
this can be done using a filter... I prefer display filters just in case you
want to go back and change what you see rather than a capture filter.

Am I missing something?

>>> "Kevin Cullimore"  04/12/02 03:32 AM >>>
In sniffer pro, I've had success by specifying two conditions joined by an
OR statement for the filter.

Each condition is specified by selecting the Data Pattern tab of the Define
Filter dialog box and specifying appropriate offsets and data patterns.

For the case where you need to specify the source ip address, I'd use an
offset of 1A and fill in as many hex digits as it takes to uniquely define
the subnet.

For the case where you need to specify the destination ip address, I'd use
an offset of 1E and fill in as many hex digits as it takes to uniquely
define the subnet.

Note: if you're looking at an existing capture featuring traffic to or from
a specific host on the target subnet, you can use the data window in the
same tab to speed things up slightly by selecting the line of the decode
containing the address, clicking the set data button, and deleting the
characters in the pattern window which distinguish the host from the subnet
(generally, starting from the right: in the case of /24 masks, you'd
eliminate the value in column 3, corresponding to the last octet/2 Hex
digits).

I don't remember the vendor-specific info for etherpeek, but the
fundamentals are the same.

HTH

----- Original Message -----
From: "supernet" 
To: 
Sent: Friday, April 12, 2002 12:42 AM
Subject: traffic analyzer [7:41267]


> Hi Dear Friends,
>
> I have 1 branch office connected to main office by frame relay. I
> noticed a lot of traffic across this link and would like to find out
> what they are. The problem is I don't have access to the branch office,
> therefore, everything has to be done in main office. I tried sniffer
> pro, etherpeek and anasil but they only allow me to specify a particular
> source IP, not the whole branch office subnet. Is there any other
> software I can use?
>
> Thanks.
> Yoshi

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41281&t=41267
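
The offset-and-pattern subnet match described in the thread (source address at offset 1A, destination at 1E, joined by OR), written out as an added example that is not from any of the posters. It assumes untagged Ethernet II frames carrying IPv4; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

# Offsets from the post: 14-byte Ethernet II header + 12 (source) / + 16 (destination).
SRC_OFF, DST_OFF = 0x1A, 0x1E

def subnet_pattern(cidr):
    """Hex digits that uniquely define the subnet, e.g. 10.1.2.0/24 -> '0a0102'."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen % 4:
        # A hex-digit data pattern can only express masks on 4-bit boundaries.
        raise ValueError("prefix length must be a multiple of 4 for a hex-digit pattern")
    return net.network_address.packed.hex()[: net.prefixlen // 4]

def matches_at(frame, offset, pattern):
    """True if the 4-byte address field at `offset` starts with the hex `pattern`."""
    field = frame[offset:offset + 4]
    return len(field) == 4 and field.hex().startswith(pattern)

def subnet_filter(frame, cidr):
    """Two data-pattern conditions joined by OR: source at 0x1A or destination at 0x1E."""
    # Assumption: untagged Ethernet II + IPv4. An 802.1Q tag or an 802.3/SNAP
    # header shifts both offsets, so such frames are rejected rather than misread.
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return False
    pat = subnet_pattern(cidr)
    return matches_at(frame, SRC_OFF, pat) or matches_at(frame, DST_OFF, pat)

def make_frame(src, dst):
    """Constructed sample frame: zeroed MACs, EtherType 0x0800, 20-byte IPv4 header."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return eth + ip

if __name__ == "__main__":
    branch = "10.1.2.0/24"  # constructed branch-office subnet
    for src, dst in [("10.1.2.77", "192.168.0.1"), ("192.168.0.1", "10.1.2.9"),
                     ("10.1.3.5", "192.168.0.1")]:
        print(src, "->", dst, subnet_filter(make_frame(src, dst), branch))
```

A mask that does not fall on a 4-bit boundary (a /23, for instance) cannot be written as a single hex-digit prefix, which is why the function refuses it instead of matching the wrong range.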