On Tue, Jun 18, 2002 at 03:04:28PM +0200, Ori Rafalin - Israel wrote:
> Although I have installed WinPcap 2.3. , I still receive "unable to parse
> filter string (parse error)"
> with the following filter: h225
> what's wrong with it?
What's wrong with it is that it assumes that libpcap/WinPcap's limited
filtering capabilities allow it to capture only H.225 packets.
If it's not documented in the libpcap man page on UNIX, or in
http://winpcap.polito.it/docs/pcapman.htm
on Windows, it's not supported.
The only way you can filter for H.225 packets in Ethereal is to capture
traffic that includes, but is not necessarily limited to, H.225 traffic,
and then filter for it with the appropriate display filter *after*
you've captured it. (I don't know what the appropriate display filter
is, as I don't have the H.323 plugin.)
In Tethereal, you could capture with a "read filter", using the "-R"
flag; this lets you use an Ethereal display filter to control which
traffic is captured, but display filters consume more CPU time to
process than capture filters, so you may run a greater risk of dropping
packets.
