
Ethereal-users: RE: [Ethereal-users] Building Custom Filter Strings

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Brandon Enright" <bmenrigh@xxxxxxxx>
Date: Sun, 1 May 2005 17:09:10 -0700
I think aliasing a filter like that is an excellent idea.  It would be very
useful for the types of display filters I make.

--Brandon


---------------------------
Brandon Enright
UCSD ACS/Network Operations
bmenrigh@xxxxxxxx

________________________________________
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Visser, Martin
Sent: Sunday, May 01, 2005 5:00 PM
To: Ethereal user support
Subject: RE: [Ethereal-users] Building Custom Filter Strings

Michael,
 
To find out what display filters are available, click on the "Expression..."
menu item on the Filter Toolbar.
 
I'm not sure what you mean by your 2nd question. The string "nbns or nbp or
nbss or ncp or ndmp or netbios" is a valid single search string. (Note that ncps
isn't a valid protocol). You can just apply this as a display filter. If what
you are alluding to is whether there is a single word that encapsulates all
those protocols, the answer is no. You can however save any filter string by
clicking on the "Filter:" button.
 
Michael just gave me a thought though - how about we have a way of using the
saved filter string within subsequent filters. This way you can use the saved
filter as an abbreviation (like a #define) that could be referenced, say, with a
"filter:xxx" designation. For instance I have saved a filter called "tcpstart"
which is defined as "tcp.flags.syn == 1 && tcp.flags.ack == 0". What would be
great is to be able, in subsequent filters, to type something like
"ip.addr==192.168.222.0/24 && filter:tcpstart". Any takers?
 
Martin
 
  
Martin Visser, CISSP
Network and Security Consultant 
Consulting & Integration
Technology Solutions Group - HP Services
410 Concord Road
Rhodes NSW  2138
Australia 

Mobile: +61-411-254-513
Fax: +61-2-9022-1800     
E-mail: martin.visserAThp.com
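The `filter:xxx` reference proposed in the message above, written as a preprocessor that expands saved-filter names before the string is applied as a display filter. This is an added example, not part of the original thread and not an Ethereal feature; the `expand` function, the `SAVED_FILTERS` table and the `lan_syn` alias are assumptions made for illustration.

```python
import re

# Constructed saved-filter table. "tcpstart" is the filter defined in the
# message; "lan_syn" is a hypothetical alias that references another alias.
SAVED_FILTERS = {
    "tcpstart": "tcp.flags.syn == 1 && tcp.flags.ack == 0",
    "lan_syn": "ip.addr==192.168.222.0/24 && filter:tcpstart",
}

# Either a double-quoted string literal (skipped) or a filter:NAME reference.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\bfilter:([A-Za-z_][A-Za-z0-9_]*)')


def expand(expr, saved=SAVED_FILTERS, _stack=()):
    """Replace every filter:NAME in expr with the saved filter, parenthesized."""
    def substitute(match):
        name = match.group(1)
        if name is None:            # quoted string literal: leave untouched
            return match.group(0)
        if name in _stack:          # alias refers back to itself
            chain = " -> ".join(_stack + (name,))
            raise ValueError("recursive filter alias: " + chain)
        if name not in saved:
            raise KeyError("no saved filter named " + repr(name))
        # Parentheses keep the alias a single operand, so a preceding "!" or
        # a neighbouring "||" cannot regroup the expanded terms.
        return "(" + expand(saved[name], saved, _stack + (name,)) + ")"
    return _TOKEN.sub(substitute, expr)


if __name__ == "__main__":
    print(expand("ip.addr==192.168.222.0/24 && filter:tcpstart"))
    print(expand("!filter:lan_syn"))
```

Without the added parentheses, `!filter:tcpstart` would negate only the first comparison of the saved filter and select different packets than intended.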
 

________________________________________
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Michael Palmieri
Sent: Monday, 2 May 2005 9:14 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Building Custom Filter Strings

Hi, thanks for responding!
Would you happen to know if there is a way to search for multiple protocols
using Ethereal?
I'd like to be able to search for the following protocols in one search string:
nbns or nbp or nbss or ncp or ndmp or ncps or netbios
 
thanks 


 
>From: Guy Harris <gharris@xxxxxxxxx>
>Reply-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
>To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
>Subject: Re: [Ethereal-users] Building Custom Filter Strings
>Date: Sun, 01 May 2005 13:17:31 -0700
>
>Michael Palmieri wrote:
>>Using Ethereal GUI Win32 Binary
>>Can someone tell me if there is a way to build custom strings that
>>will enable me to search for multiple protocols.
>>IE: Looking for all traffic for protocols NBNS NBP NBSS NCP
>>NDMP NCPS Netbios
>
>    nbns or nbp or nbss or ncp or ndmp or ncps or netbios
>
>(if those are the names for the protocols in question) will, as a
>display filter, select packets that have any of those protocols.
>
>_______________________________________________
>Ethereal-users mailing list
>Ethereal-users@xxxxxxxxxxxx
>http://www.ethereal.com/mailman/listinfo/ethereal-users