ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Ethereal-users: RE: [Ethereal-users] (No Subject)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx
Date: Wed, 14 Aug 2002 22:35:28 +0100
Ade,

> Is there a way to configure filters to support trigger 
> operation i.e. capturing only interesting packets?  I know 
> etherreal does not have a native trigger function but perhaps 
> there is a way to modify filters to act as triggers.

I'm not quite sure what you mean by "trigger". 
* If your "interesting" trigger can be descibed using a capture filter
(using the TCPdump syntax). Then yes. Read the tcpdump man page for more on
capture filters.
 

* If your "interesting" trigger can be described using a display filter,
then when you set up your trace select the best capture filter you can. Also
select "update packet list in real time". When the trace begins enter your
display filter and click apply. Ethereal will then only display your
interesting traffic. Read the ethereal documentation for more on display
filters.

* If your capture filter is too broad for Ethereal to keep up with holding
all this in memory. You can try using tethereal with the -R flag to do
pretty much the same thing, except you can only look at the trace
afterwards.
tethereal -f "ip host 1.2.3.4" -R "icmp" -w splat.trc
If you want to check the data without stopping the trace. Then use the "Use
Ring Buffer" option with a suitable capture file rotation speed. Then run
the above command on the traces that 

* If your "interesting" trigger can't be described using a display filter,
your still not shot. With a bit of Perl you can scan the output of tetheral
-V or tetheral -x, and then decide which frames are "interesting". Then use
EditCap to select only those frames.

HTH 

Alistair

PS A subject heading would have been nice.


-----------------------------------------------------------------------


Registered Office:
Marks & Spencer p.l.c
Michael House, Baker Street,
London, W1U 8EP
Registered No. 214436 in England and Wales.

Telephone (020) 7935 4422 
Facsimile (020) 7487 2670

www.marksandspencer.com

Please note that electronic mail may be monitored.

This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful.

The registered office of Marks and Spencer Financial Services PLC, Marks and Spencer Unit Trust Management Limited, Marks and Spencer Life Assurance Limited and Marks and Spencer Savings and Investments Limited is Kings Meadow, Chester, CH99 9FB.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube