during capture, the filters have to be expressed with the pcap syntax (the
one used with tcpdump for example) because they are handled by pcap
so type
ip host 10.1.5.2 (or : host ip x.y.z.t)
instead of
ip.addr == 10.1.5.2
the latter is the ethereal display filter syntax, which is quite different
hth
A 10:58 13/10/2003 +0100, vous avez écrit :
>Hi folks,
>
>I'm trying to track down a problem with one of my PC's and I want to monitor
>IP traffic in/out of it so I've installed Ethereal & Ethereal-gnome which
>should allow me to do what I want.
>
>However, I'm having trouble with the filter. According to the man page I
>should be able to just put
>
>ip.addr == 10.1.5.2
>
>or
>
>ip.addr eq 10.1.5.2
>
>into the filter field on the 'Capture Options' window, but both come up with
>parser errors.
>
>Anyone know what I should be putting in?
>
>--
>Gary Stainburn
>
>This email does not contain private or confidential material as it
>may be snooped on by interested government parties for unknown
>and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
>
>
>--
>redhat-list mailing list
>unsubscribe mailto:[EMAIL PROTECTED]
>https://www.redhat.com/mailman/listinfo/redhat-list
>
>
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
