Wireshark · Ethereal-users: [ethereal-users] capture filters for windows port

Ethereal-users: [ethereal-users] capture filters for windows port

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Mark Rubin" <mark@xxxxxxxxxxxxxxxxxxxxxxx>

Date: Fri, 5 May 2000 10:00:12 -0400

Our goal is to capture all port 80 requests from one ip address and only
wish to capture that. We have a lot of traffic on our network and the
capture file would be quite huge without it. We tried writing our own
filters (ip.addr eq 192.168.1.58) and (tcp.port eq 80) and tried to
implement them before doing the capture, but it would give us an error
message (Unable to parse filter string (syntax error)) We've tried switching
the eq to == and tried only listening for port 80 or only listening for a
certain ip address but have been unsuccessful. We have been successful in
using those filter commands after we've already captured a large bit of data
but not trying to use them before we filter. Any advice?

Mark

Follow-Ups:
- Re: [ethereal-users] capture filters for windows port
  - From: Guy Harris

Prev by Date: Re: [ethereal-users] Windows NT and update list in real time
Next by Date: Re: [ethereal-users] capture filters for windows port
Previous by thread: Re: [ethereal-users] Windows NT and update list in real time
Next by thread: Re: [ethereal-users] capture filters for windows port
Index(es):
- Date
- Thread