
Ethereal-users: Re: Re: [Ethereal-users] using ethereal between 2 pcs only

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "bunty " <bunty123_4@xxxxxxxxxxxxxx>
Date: 26 Mar 2005 13:39:55 -0000

 

Hello Alexandre,
           
On Sat, 26 Mar 2005 Alexandre Rafalovitch wrote :
>Bunty,
>
>Actually, what you are asking seems to be a functionality so basic
>that the documentation should have answered your question. At least
>I, for one, have trouble figuring out exactly which step you have
>problems with.
>
I am sorry for asking a simple question. Actually, I added a new protocol to the TCP/IP stack, but to test that my Linux kernel works between 2 computers in a LAN, as both PCs are on the LAN, I got a lot of traffic and was unable to distinguish it.

>Let's try it step by step.
>
>If you just do the capture (non-promiscuous mode), does your traffic
>show up? I understand that you will get all the broadcast as well.
>If it does, try filtering so that only it shows. Find the instance of
>your traffic packet, find the field you are interested in and
>right-click on it.
>
Yes, I did it, but thought packets could be captured on a MAC address basis.

>You should then be able to 'prepare filter' by that field. The
>expression should appear in the text field in upper left with
>apply/clear buttons near it. I am not sure exact expression that will
>create for MAC IDs, but for TCP addresses, you often need to modify
>tcp.source == x.y.z.k to tcp.addr==x.y.z.k to ensure you get the
>traffic in both directions.
>
>Once you apply the filter, the rest of the traffic should be hidden.
>Play around with making the filters and clearing the filters until you
>get what you want. You may want to check expression builder if you
>need field names.
>
>This will get you the display filters, the capture will still have all
>of the traffic. If you want to capture only the relevant traffic, you
>need capture filters instead. At this point, the capture filters use
>similar but different syntax. You can use capture filter expression
>builder to make that one work, but I do suggest using display filters
>first to learn your way around the field and values.
>
>Hopefully this description covers what you need. If it does not or if
>you have problems along the way, please try to be more specific in
>your email. You could say ' I did _this step_ and got _that result_. I
>was expecting instead to see _something else_'. This way it is clear
>what you want and what you got instead.
>


Got it. Instead of trying it myself in Ethereal, I asked here; my mistake.
Thanks a lot for the info. I got the results from the packet filter expression. It's a very nice thing provided by Ethereal.

regards,
Bunty.
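
The MAC-based, both-directions match discussed in this thread, as an added example that is not part of the original messages. It parses a constructed pcap byte string and compares a source-only match with a match on either direction between two hosts; the MAC addresses, payload bytes and function names are assumptions made for illustration.

```python
import struct

def mac(text):
    """'02:00:00:00:00:0a' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def frames(pcap):
    """Yield raw Ethernet frames from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]   # captured length
        yield pcap[off + 16:off + 16 + incl]
        off += 16 + incl

def src_is(frame, a):
    """One direction only, like the display filter eth.src == a."""
    return len(frame) >= 14 and frame[6:12] == a

def between(frame, a, b):
    """Either direction, like eth.addr == a && eth.addr == b
    (as a capture filter: ether host a and ether host b)."""
    return len(frame) >= 14 and {frame[0:6], frame[6:12]} == {a, b}

def sample_pcap():
    """Constructed capture: two test hosts (a, b) plus unrelated LAN noise."""
    a, b, c = (mac("02:00:00:00:00:0" + x) for x in "abc")
    bcast = b"\xff" * 6
    # (dst, src) pairs; addresses are made-up locally administered MACs
    pairs = [(b, a), (a, b), (bcast, c), (b, a), (a, c), (bcast, a), (a, b)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (dst, src) in enumerate(pairs):
        frame = dst + src + b"\x08\x00" + b"placeholder payload"
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

A, B = mac("02:00:00:00:00:0a"), mac("02:00:00:00:00:0b")

def count(pred):
    """Number of frames in the constructed capture that satisfy pred."""
    return sum(1 for f in frames(sample_pcap()) if pred(f))

if __name__ == "__main__":
    print("source-only match on A:", count(lambda f: src_is(f, A)))
    print("A <-> B, both directions:", count(lambda f: between(f, A, B)))
```

The source-only match misses the replies from B and still lets A's broadcast through, which is why the pair match on either address is the one that isolates the test traffic.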