Thank you for listening to me again. I hope I didn't bore some people too much.

I include below a list of very useful filters (display and capture).

Note 1: Display filters can be changed "on the fly" even while capturing, if your machine is fast enough (here "fast" depends greatly on WHAT is being captured). Capture filters cannot be changed without a stop and start.

Note 2: In the capture panel there is an option "update packets in real time". If capturing very fast traffic fails, this can be disabled. I mentioned that real-time display is a great option, but if all else fails, you can try without it.

Note 3: Coloring rules can be saved. I strongly suggest using coloring and saving the rules; it helps a lot in understanding (at the beginning).

Look at the links I supplied last time (see below) - it's worth it.

Last note, and thanks to those who send me traces of their ADSL or cable connections: Thank you all.

I am going to miluim tomorrow, so, understand my silence.

Nir.

---------- Forwarded message ----------
Date: Mon, 7 Apr 2008 18:03:22 +0300 (IDT)
From: Nir Abulaffio <[EMAIL PROTECTED]>
To: Haifux <haifux@haifux.org>
Cc: linux-il <[EMAIL PROTECTED]>
Subject: Re: How Ethernet works - Some more details

In my lecture, I mentioned that I cannot put in the lecture slides the things I showed on screen. Some pages were from books that are in print. I showed some pictures that, I think, explain very well certain aspects of Ethernet communication. However, I supply below links to some of the information I talked about, even if these are less good (in my opinion), and some I didn't have time to talk about :-) ...

Nir.

Presentation of OSI layers and other matters:
  http://ws.edu.isoc.org/workshops/2004/SANOG-IV/ip-services/presentations/ip-intro/ ipbasics/sld021.htm
  http://www.tcpipguide.com/free/t_OSIReferenceModelLayerSummary.htm

About Ethernet over twisted pair:
  http://en.wikipedia.org/wiki/10BASE-T

History, layer description, examples, and much more: worth looking at ** everybody will find something he didn't know.
  http://en.wikipedia.org/wiki/OSI_model

TCP state machine:
  http://diuf.unifr.ch/people/yoois/Janus/Verifier/NewTCPState.jpg

(The next link is very long and split on 6 lines!)
  http://images.google.com/imgres?imgurl=http://diuf.unifr.ch/people/yoois/Janus/Verifier/NewTCPState.jpg&imgrefu l=http://diuf.unifr.ch/people/yoois/Janus/Verifier/index.htm&h=691&w=846&sz=97&tbnid=KrPohCO8MmvS4M:&tbnh=118&t nw=145&prev=/images%3Fq%3Dtcp%2Bstate%2Bmachine%26um%3D1&start=3&sa=X&oi=images&ct=image&cd=3

-- Wireshark filters --

Here are a few examples of display filters and capture filters. In both cases logical expressions can do wonders.

DISPLAY filters:

  eth.dst == 00:0d:22:23:62:3f    (filtering based on MAC address)
  ip.src == 132.74.24.200
  !(ip.src == 132.74.24.200)      (negation this way works, using != doesn't always)
  !(ip.addr == 132.74.24.200 or ip.addr==132.74.24.201)
  tcp.port==80
  !(tcp.srcport == 80)
  !(tcp.port == 80)
  udp.port==53
  tcp
  udp
  arp                             (worth trying)

CAPTURE filters: (spaces between keywords are important)

  host 132.74.1.40
  ether host 00:0d:22:23:62:3f
  net 132.74.1.0 mask 255.255.255.0    (note: non-network bits should be set to zero)
  net 132.74.1.240 mask 255.255.255.252
  tcp port 8080
  tcp
  udp
  arp

----
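
Added example, not part of the original message and not Wireshark code: a small Python model of why the note above prefers !(x == y) over != for negation. It assumes the "any occurrence" rule for fields that appear more than once in a packet (ip.addr covers both ip.src and ip.dst), which is how Wireshark evaluated != at the time of this message; the packets and helper names are constructed for illustration.

```python
# Constructed sample packets (not from a real trace): (ip.src, ip.dst).
HOST = "132.74.24.200"
PACKETS = [
    ("132.74.24.200", "132.74.1.40"),    # 0: from HOST
    ("132.74.1.40", "132.74.24.200"),    # 1: to HOST
    ("132.74.1.40", "132.74.1.41"),      # 2: unrelated traffic
    ("132.74.24.200", "132.74.24.200"),  # 3: HOST talking to itself
]

def fields(pkt):
    """Expand a packet into display-filter fields; ip.addr has two values."""
    src, dst = pkt
    return {"ip.src": [src], "ip.dst": [dst], "ip.addr": [src, dst]}

def eq(pkt, field, value):
    """field == value: true if ANY occurrence of the field equals value."""
    return any(v == value for v in fields(pkt)[field])

def ne_any(pkt, field, value):
    """field != value, 'any' rule: true if ANY occurrence differs."""
    return any(v != value for v in fields(pkt)[field])

def not_eq(pkt, field, value):
    """!(field == value): true only if NO occurrence equals value."""
    return not eq(pkt, field, value)

def shown(pred, field, value=HOST):
    """Indices of PACKETS that the modelled filter would display."""
    return [i for i, p in enumerate(PACKETS) if pred(p, field, value)]

if __name__ == "__main__":
    # Multi-valued field: the two negations disagree.
    print("ip.addr != HOST    ->", shown(ne_any, "ip.addr"))
    print("!(ip.addr == HOST) ->", shown(not_eq, "ip.addr"))
    # Single-valued field: both forms give the same result.
    print("ip.src != HOST     ->", shown(ne_any, "ip.src"))
    print("!(ip.src == HOST)  ->", shown(not_eq, "ip.src"))
```

With the "any" rule, ip.addr != HOST still displays packets 0 and 1 (traffic from and to the host), because one of the two addresses differs; only !(ip.addr == HOST) hides them.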