Hello,
Eric Lam, Fu Wa a écrit :
I am new to Ethereal (0.10.7). I set up a display filter
(mgcp.rsp.rspcode >= 500 and mgcp.rsp.rspcode <= 530 and
mgcp.rsp.rspcode != 501 and mgcp.rsp.rspcode != 510). Would anyone teach
me how to setup the capture filter so that only the traffic with
(mgcp.rsp.rspcode >= 500 and mgcp.rsp.rspcode <= 530 and
mgcp.rsp.rspcode != 501 and mgcp.rsp.rspcode != 510) will be captured.
Many thanks.
You can't easily use an Ethereal display filter as a capture filter.
Capture filter's syntax is completely different from display filter's
one, and can't use Ethereal's protocol dissectors' information. Capture
filters can't easily access protocols higher than tcp or udp. In your
case, it will really be painful to look for this field by hand in a
capture filter. If your need is to filter out most traffic to prevent
ethereal from consuming lots of useless computing time, you may want to
filter on adresses and or tcp/udp ports.
See http://wiki.ethereal.com/CaptureFilters for an introduction to
capture filter syntax, and tcpdump manpage for full reference
(http://www.tcpdump.org/tcpdump_man.html).
Hope this helps,
Regards,
--
Julien Leproust
