> I want to capture in a network a IP-address of a printer. We have TCP/IP
> running. This is a Windows NT4.0 network.
> I have connecting a LAPTOP with Win98 via a Ethernet Hub into the same
> network as the printer is.
> I want to capture all trafic and data what goes to that IP-address of the
> printer.
I assume that you mean that you want to capture traffic going to that IP
address *AND* traffic coming *from* that IP address - i.e., you not only
want to capture traffic *to* the printer, you also want to capture any
traffic coming *from* the printer.
> The printer has the IP-address 172.16.70.14
>
> What must I do ?
>
> Am I right, when I go to "EDIT"....."Capture Filters"
No. That's not the right thing to do if you just want to do a capture.
The *ONLY* reason to select "Capture Filters" from the "Edit" menu is if
you want to edit your list of saved capture filters.
If you don't *have* any saved capture filters, you don't need to do
that.
If all you want to do is to specify a capture filter when capturing, you
*DON'T* have to give the filter a name, and you *DON'T* have to put it
in the list of capture filters. You just have to put the filter
expression into the "Filter:" field in the "Capture Options" dialog box
that's created when you select "Start" from the "Capture" menu.
>.....then I give him a
> ..."Filter name".... And a ......."Capture string"....
> Now my problem, what is the syntax or what command must I give in as
> "Capture string"
It's "Filter string", not "Capture string", and *IF* you wanted to add a
filter to your list of *saved* filters, you'd put into it the same
type of expression that you'd put into the "Filter:" field of the
"Capture Options" dialog box.
But you'd do that only if you wanted to save that filter with a name, so
you could retrieve it by name later when you did a capture. You don't
*have* to use a filter that you've saved by name when capturing; you can
just type in a filter at the time you start the capture.
The capture filter expressions Ethereal supports are those supported by
the libpcap/WinPcap library that Ethereal uses for capturing; those are
the same expressions that tcpdump/WinDump supports, as tcpdump/WinDump
also uses libpcap/WinPcap for capturing.
For the current (2.2) version of WinPcap, the filter expressions are
described in the documentation for the current version of WinDump:
http://netgroup-serv.polito.it/windump/docs/manual.htm
Search in that document for the phrase "selects which packets will be
dumped"; that'll take you to the section that describes capture filter
expressions.
In particular, if you want to capture traffic to and from your printer,
the expression would be
host 172.16.70.14
